Bitcoin Forum
Topic: [white paper] Purely P2P Crypto-Currency With Finite Mini-Blockchain
bitfreak!
May 04, 2013, 09:01:08 PM
#1

I've been working on this idea for a few months now but I couldn't get past the problem of making the scheme satisfactorily secure. I finally solved that part of the puzzle about a week ago and immediately decided that I needed to write a white paper and formalize the concept somewhat.

I also want to give an acknowledgment to member aaaxn for helping me fine tune some of the concepts in the paper, his knowledge was very helpful. Until now no one else has read this white paper so I'm hoping for a lot more great feedback from other members.

NOTE: the white paper is now fairly out-dated. Check the project wiki for more up-to-date information concerning the mini-blockchain proposal.

Purely P2P Crypto-Currency With Finite Mini-Blockchain (PDF)

Quote
ABSTRACT

Almost all P2P crypto-currencies prevent double spending and similar such attacks with a bulky blockchain scheme, and the ones which do not typically use some sort of pseudo-centralized solution to manage the transactions. Here I propose a purely P2P crypto-currency scheme with a finite blockchain, dubbed the mini-blockchain. Each time a new block is solved the oldest block is trimmed from the end of the mini-blockchain so that it always has the same number of blocks. It is argued that the loss of security this trimming process incurs can be solved with a small proof chain and the loss of coin ownership data is solved with a database which holds the balance of all non-empty addresses, dubbed the account tree. The proof chain secures the mini-blockchain and the mini-blockchain secures the account tree. This paper will describe the way in which these three mechanisms can work together to form a system which provides a high level of integrity and security, yet is much slimmer than all other purely P2P currencies. It also offers other potential benefits such as faster transactions and lower fees, quicker network synchronization, support for high levels of traffic, more block space for custom messages, and increased anonymity.

Project development thread: https://bitcointalk.org/index.php?topic=215936.0

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
digitalindustry
May 04, 2013, 09:13:11 PM
#2

reading right now, mostly because it's such a great idea!

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
bitfreak!
May 04, 2013, 09:27:33 PM
#3

Quote
reading right now, mostly because it's such a great idea!
Well it's not that hard to come up with a great idea.
The hard part is making the idea work.
Thanks for taking a look.

digitalindustry
May 04, 2013, 10:00:16 PM
#4

Quote
reading right now, mostly because it's such a great idea!
Well it's not that hard to come up with a great idea.
The hard part is making the idea work.
Thanks for taking a look.

yeah agreed, I just read it, truly I'm also no coder, but I see the design of the proof chain as very ingenious, would this not also lead to much faster trans times?

but obviously a larger and more complex client, my head hurts at how much work would go into coding that, but it's the first time I've seen this problem addressed in a way that makes sense, and seems to provide security.

I guess my question would be in relation to the Proof chain stamp (I see it like the stamp of a film sprocket, the film runs but the stamp records what happened) having only two #'s does that provide a security flaw early in the life of the currency?

awesome work, let's see what the hard core guys say.

bitfreak!
May 04, 2013, 10:15:13 PM
#5

Quote
but obviously a larger and more complex client, my head hurts at how much work would go into coding that
I don't see why the client would be larger or more complex. Nothing described in the paper should really be too difficult to implement, it's really just taking the bitcoin scheme and modifying certain aspects of it to remove the need for a full blockchain.

Quote
having only two #'s does that provide a security flaw early in the life of the currency?
I don't believe so. If it did we could just use the block headers instead of a proof chain... I mean there's really no need to create a whole new proof chain system when we can use the block headers. But the proof chain mechanism probably would have certain advantages assuming it provided the same level of security as the block header system.

Come-from-Beyond
May 04, 2013, 10:26:19 PM
#6

U should publish an address for donation. It's very unlikely someone will code the implementation for free.
mr_random
May 04, 2013, 10:29:16 PM
#7

Quote
U should publish an address for donation. It's very unlikely someone will code the implementation for free.

This. Look at all the hard work Sunny has done for PPCoin for free and yet he gets constant trolling for it. It's a thankless task!

bitfreak!
May 04, 2013, 10:34:41 PM
#8

[removed]

bitfreak!
May 05, 2013, 04:28:22 AM
#9

By the way CFB, what did you think of the proof chain concept? Can you see any flaws in that idea? Honestly though it may be better to just start by using the block header system and then maybe try creating a proof chain system to see how it works at a later stage.

digitalindustry
May 05, 2013, 05:16:58 AM
#10

Quote
U should publish an address for donation. It's very unlikely someone will code the implementation for free.
Quote
This. Look at all the hard work Sunny has done for PPCoin for free and yet he gets constant trolling for it. It's a thankless task!

I've never seen that, but again I'm not lurking around many PPC topics, PPC principle has been incorporated into other designs, I wouldn't say that is thankless, he has stamped himself in history.

**edit - didn't really know what i was talking about re code related to PPC *** removed this line -

digitalindustry
May 05, 2013, 05:18:51 AM
#11

come on FFS coders have a look at this, i want to know if this is viable myself.

(picturing them hard at work making LTC copies to pump and dump lol jks)

 Undecided

Caesar V
May 05, 2013, 05:24:06 AM
#12

My body is ready! (for making money)..  Grin
xorxor
May 05, 2013, 06:04:52 AM
#13

-----deleted-----

judged too quickly.

fuck deeponion, fuck bitcoincash, all glory to one BITCOIN
Come-from-Beyond
May 05, 2013, 07:42:55 AM
#14

Quote
By the way CFB, what did you think of the proof chain concept? Can you see any flaws in that idea? Honestly though it may be better to just start by using the block header system and then maybe try creating a proof chain system to see how it works at a later stage.

The very 1st impression was "Hm, looks like proof chain is just block headers chain". Then I started to apply different theorems trying to find contradictions. Here is a short list:

1. CAP theorem
2. Space-time tradeoff
3. Shannon's source coding theorem

Unfortunately, I didn't get ur idea completely even after 2 readings. If u tried to apply mentioned theorems to ur approach, it would be easier to comprehend the whitepaper. The main thing I'm daunted with is that ur approach lets to validate the whole transaction history without trusting to 3rd parties. I can't prove that but I believe that it's impossible without trusting to some "outer" source of information.
aaaxn
May 05, 2013, 11:19:55 AM
#15

Quote
The main thing I'm daunted with is that ur approach lets to validate the whole transaction history without trusting to 3rd parties. I can't prove that but I believe that it's impossible without trusting to some "outer" source of information.
I think idea is that you don't need to have whole transaction history. Having information about current balances of all accounts is sufficient.

Come-from-Beyond
May 05, 2013, 11:23:51 AM
#16

Quote
The main thing I'm daunted with is that ur approach lets to validate the whole transaction history without trusting to 3rd parties. I can't prove that but I believe that it's impossible without trusting to some "outer" source of information.
Quote
I think idea is that you don't need to have whole transaction history. Having information about current balances of all accounts is sufficient.

U have to trust a 3rd party in this case, don't u? If I'm wrong then Shannon's source coding theorem should be wrong too.
bitdwarf
May 05, 2013, 11:34:51 AM
#17

Forgive my ignorance, but wouldn't it be enough to ask a bunch of peers for a hash of the older transactions? Some peers would keep the full chain, others would keep chains with partly hashed chunks, they can keep validating these hashed chunks against their peers all the time to purge anyone that managed to create a chunk with the same hash.

𝖄𝖆𝖈: YF3feU4PNLHrjwa1zV63BcCdWVk5z6DAh5 𝕭𝖙𝖈: 12F78M4oaNmyGE5C25ZixarG2Nk6UBEqme
Ɏ: "the altcoin for the everyman, where the sweat on one's brow can be used to cool one's overheating CPU" -- theprofileth
aaaxn
May 05, 2013, 11:42:20 AM
#18

I was suspicious from the beginning about idea of creating proof chain from just two hashes and it looks I was right. Proof chain is useless if you do not include block header with it.
First indirect proof. Suppose we have original blockchain of length N and there is a fork and nodes split up in half and start generating their own independent chains from block N+1. After both networks generate sufficient amount of blocks to cause blockN header to be discarded you would have two different blockchains claiming to be secured by the same proofchain. Of course it means neither is really secured.

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just creates new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network loses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

Come-from-Beyond
May 05, 2013, 11:45:23 AM
#19

Quote
Forgive my ignorance, but wouldn't it be enough to ask a bunch of peers for a hash of the older transactions? Some peers would keep the full chain, others would keep chains with partly hashed chunks, they can keep validating these hashed chunks against their peers all the time to purge anyone that managed to create a chunk with the same hash.

Imagine that u have only some data and there are no other peers in the whole universe. I doubt it's possible to compress HUGE transaction history into a couple of GB. U must have HUGE data volume or HUGE computing power to check validity of the data.
aaaxn
May 05, 2013, 11:51:31 AM
#20

Quote
Imagine that u have only some data and there are no other peers in the whole universe. I doubt it's possible to compress HUGE transaction history into a couple of GB. U must have HUGE data volume or HUGE computing power to check validity of the data.
I don't understand your point. Whole point of idea in this paper is that you do not keep track of old transactions. It is not lossless compression. You don't have access to old transactions and you cannot recreate account balances at any point in time. All you get is current account balances and a little history that led to it. I don't see how lossy compression would violate Shannon's theorem.

aaaxn
May 05, 2013, 11:55:19 AM
#21

Quote
Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just creates new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network loses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.
It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

Nite69
May 05, 2013, 12:01:27 PM
#22

+1

Sync: ShiSKnx4W6zrp69YEFQyWk5TkpnfKLA8wx
Bitcoin: 17gNvfoD2FDqTfESUxNEmTukGbGVAiJhXp
Litecoin: LhbDew4s9wbV8xeNkrdFcLK5u78APSGLrR
AuroraCoin: AXVoGgYtSVkPv96JLL7CiwcyVvPxXHXRK9
Nite69
May 05, 2013, 12:04:06 PM
#23

hmm.. keep the balances on other chain.. would we get the same result, if the protocol forces that all inputs of a certain address are used if any of them is used? This way, the latest output is *always* the balance of that address.

Edit; of course not. If a payment comes to that address later.. but maybe the new transaction might include the destination address as an input to that payment, even without secret key?

bitfreak!
May 05, 2013, 08:19:28 PM
#24

Quote
Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just creates new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network loses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.
Quote
It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.
Hmmm... I think I see what you are getting at here. The attacker generates a fake chain in the background using the real proof chain but a fake account tree. He outpaces the real mini-blockchain for a full cycle until there's no evidence left to indicate his account tree is fake and releases the fake chain.

That would be one hell of an attack to pull off and even after pulling it off there's a low chance the fake account tree would propagate enough to become the main account tree. But this just goes to show the mini-blockchain does need to hold at least maybe a week or more worth of transaction history.

Although I think one possible way to dramatically minimize the threat of this attack is to make it so a node who has been connected to the network for a while will only accept a different chain with more power if they know where the chain came from, that it didn't just pop out of thin air.

For example a node who has been validating blocks longer than the cycle of the mini-blockchain can simply ignore a new chain if it appears to that node as if the chain popped out of nowhere. This will still allow the normal process of block orphaning to occur because the chains do not pop out of nowhere in that case.

bitfreak!
May 05, 2013, 11:56:41 PM
#25

With the solution I described in my last post, the attacker would only succeed if he convinced enough new nodes to accept his fake chain and together they could supply more hashing power to the fake chain than the older nodes to the real chain. While that seems virtually impossible it may be somewhat possible if the attacker continues to contribute hashing power even after tricking new nodes to accept the chain. Because obviously this attacker must have an ungodly amount of hashing power to outpace the real mini-blockchain for a full cycle.

One way to really drill the final nail into the coffin of this attack might be this: if a new node detects two full mini-blockchains which both originate from the same proof chain it can simply resort to a peer vote system by asking older nodes which chain is the valid one. Legitimate older nodes who noticed the fake chain appear out of thin air would reply to the new node telling them not to trust the one which appeared to come out of nowhere. Now the attacker would have an extremely hard time getting enough slaves in on his little scheme.

Even if the attacker had a huge botnet at his disposal at least 80 to 90 percent of existing and new nodes would reject the fake chain and continue working on the real chain. Soon enough the attacker wouldn't be able to afford continuing the attack and he would give up. The real mini-blockchain would quickly overtake the fake chain once the attacker stopped contributing his hashing power to it. With these mechanisms in place the attacker has no hope of convincing more than half the network to use his fake chain.

aaaxn
May 06, 2013, 08:09:42 AM
#26

Quote
That would be one hell of an attack to pull off and even after pulling it off there's a low chance the fake account tree would propagate enough to become the main account tree. But this just goes to show the mini-blockchain does need to hold at least maybe a week or more worth of transaction history.
If it would be longer than main chain nodes would switch to it and start extending it so it would definitely propagate.

Quote
Although I think one possible way to dramatically minimize the threat of this attack is to make it so a node who has been connected to the network for a while will only accept a different chain with more power if they know where the chain came from, that it didn't just pop out of thin air.

For example a node who has been validating blocks longer than the cycle of the mini-blockchain can simply ignore a new chain if it appears to that node as if the chain popped out of nowhere. This will still allow the normal process of block orphaning to occur because the chains do not pop out of nowhere in that case.
I think simplest solution is to forbid nodes to switch to other chain if its divergence from current chain happened before range of mini blockchain. How many previous blocks node stores could be customizable parameter. Professional machines could keep longer history if they wish while client nodes could store just default length (month or so).

Quote
One way to really drill the final nail into the coffin of this attack might be this: if a new node detects two full mini-blockchains which both originate from the same proof chain it can simply resort to a peer vote system by asking older nodes which chain is the valid one. Legitimate older nodes who noticed the fake chain appear out of thin air would reply to the new node telling them not to trust the one which appeared to come out of nowhere. Now the attacker would have an extremely hard time getting enough slaves in on his little scheme.
I think new nodes in this situation (it should be extremely rare or never) should just query nodes for blockchain all the way to block in which competing chains diverged and if no one around has this long history node should just refuse to operate and wait until things settle. Or it can be advised to download updated client which should in this situation contain hardcoded checkpoint provided by community pointing to right chain.

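The chain-switching rule proposed in the post above (refuse a competing chain whose divergence lies before the retained mini-blockchain range), modelled as an added example that is not part of the thread or of any project's code. The `Block` and `Node` classes, the 5-block window and the use of chain length as a stand-in for accumulated proof of work are assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    height: int
    prev: str            # hash of the parent block
    account_root: str    # stand-in for the account tree root this block commits to

    @property
    def block_hash(self):
        data = f"{self.height}|{self.prev}|{self.account_root}".encode()
        return hashlib.sha256(data).hexdigest()


def build(parent, count, tag):
    """Append `count` blocks to `parent`; `tag` labels the (constructed) account roots."""
    blocks = []
    for _ in range(count):
        parent = Block(parent.height + 1, parent.block_hash,
                       f"{tag}-{parent.height + 1}")
        blocks.append(parent)
    return blocks


class Node:
    """Keeps only the last `window` blocks, like a trimmed mini-blockchain."""

    def __init__(self, window, chain, depth_limit=True):
        self.window = window
        self.chain = list(chain[-window:])
        self.depth_limit = depth_limit   # False = plain "longest chain wins"

    def consider(self, candidate):
        """Decide whether to switch to `candidate` (trailing blocks of a rival chain)."""
        for a, b in zip(candidate, candidate[1:]):
            if b.prev != a.block_hash or b.height != a.height + 1:
                return "reject: broken linkage"
        # Assumption: equal difficulty, so more blocks means more work.
        if candidate[-1].height <= self.chain[-1].height:
            return "reject: not longer"
        known = {b.block_hash: b for b in self.chain}
        new = [b for b in candidate if b.block_hash not in known]
        parent = known.get(new[0].prev)
        if parent is None:
            # The fork point is older than anything this node still stores.
            if self.depth_limit:
                return "reject: diverged before retained window"
            self.chain = list(candidate[-self.window:])
            return "switch"
        if new[0].height != parent.height + 1:
            return "reject: broken linkage"
        kept = [b for b in self.chain if b.height <= parent.height]
        self.chain = (kept + new)[-self.window:]
        return "switch"


def scenario():
    """Constructed chains: an honest chain, a shallow fork and a long hidden fork."""
    genesis = Block(0, "0" * 64, "genesis")
    honest = [genesis] + build(genesis, 20, "honest")
    short_fork = build(honest[18], 4, "fork")    # diverges 2 blocks back
    long_fork = build(honest[10], 15, "fake")    # diverges 10 blocks back
    return honest, short_fork, long_fork


if __name__ == "__main__":
    honest, short_fork, long_fork = scenario()
    print("shallow fork:        ", Node(5, honest).consider(short_fork))
    print("deep fork, with rule:", Node(5, honest).consider(long_fork[-5:]))
    print("deep fork, no rule:  ",
          Node(5, honest, depth_limit=False).consider(long_fork[-5:]))
```

Ordinary orphaning still works because a shallow fork attaches to a block the node holds; the deep fork is refused only when the rule is on.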
aaaxn
May 06, 2013, 08:31:05 AM
#27

I would advise to update address structure proposed in this paper. I think binary hash tree would be better. Your proposal would require to constantly make hashes over vast amounts of data (all sector hashes) so this data would need to be kept in memory. Moreover with accounts packed in 1000 blocks there is also a lot of data to hash and as transactions would be randomly distributed to all sectors large portions of tree would need to be recalculated in every block. With binary tree you would always need to update just 2 * LOG(N) hashes per transaction and all hashes would be made over fixed length strings. N is number of accounts in tree. This way only small subset of tree would need to be kept in memory.

Come-from-Beyond
May 06, 2013, 09:00:56 AM
#28

If I recall correctly maximum information density is achievable at numeral system based on number e (2.718). So triple hash tree could be better than binary one.
aaaxn
May 06, 2013, 09:22:14 AM
#29

Quote
If I recall correctly maximum information density is achievable at numeral system based on number e (2.718). So triple hash tree could be better than binary one.
Maybe in theory but from practical point of view binary trees fit nicely in binary world Smiley
First thing which comes to my mind is that transaction would probably operate on account offsets to save space. When you have offset all you have to do is read its binary representation bit by bit and you get exact path you need to follow in binary tree to reach this node. It would require more work on ternary tree.

I found that binary trees have already been discussed (with nice diagrams) in context we are talking about. It was for unspent txouts, but we would just use account balances.
https://en.bitcoin.it/wiki/User:DiThi/MTUT
https://bitcointalk.org/index.php?topic=88208.0

Impaler
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250



View Profile
May 06, 2013, 10:27:02 AM
#30

How does this solution compare to Ripple? Your ledger system looks similar to what I hear it uses, but the mini block chain gives a bit more 'memory' than I think Ripple has. You seem to have elegantly combined both concepts here and gotten the strengths of both. I'm going to tell the other FRC developers about it; our lead has expressed interest in doing block-chain trimming.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 06, 2013, 10:40:55 AM
#31

I haven't really looked into it but Ripple appears to use some sort of pseudo-centralized solution. I don't think the coins were created in a decentralized way. And there was just a thread about a Ripple account being hacked because of a weak password or something. So the accounts even appear to be centrally managed.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
GCInc.
Hero Member
*****
Offline Offline

Activity: 566
Merit: 500


View Profile WWW
May 06, 2013, 08:07:34 PM
#32

I admire the ingenuity of this idea.

Now, projecting the potential timelines this opportunity casts, how feasible would it be for Bitcoin to adopt such a mini-chain at a future point in time? Technically and theoretically I mean, casting the massive political obstacles out of the way. Rather simple to convert the full blockchain to mini and proof when the open source framework (from this new crypto) is available, no?

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 01:53:25 AM
#33

Quote
how feasible would it be for Bitcoin to adopt such a mini-chain at a future point in time?
Probably pretty unfeasible. Even something like the "rolling chain" idea mentioned in the paper would be extremely tricky to implement with Bitcoin. I spent a lot of time thinking about ways the Bitcoin blockchain could be made much smaller but the only thing I could really come up with was to create a whole new crypto-currency.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 02:03:50 AM
#34

Quote
One way to really drill the final nail into the coffin of this attack might be this: if a new node detects two full mini-blockchains which both originate from the same proof chain it can simply resort to a peer vote system by asking older nodes which chain is the valid one. Legitimate older nodes who noticed the fake chain appear out of thin air would reply to the new node telling them not to trust the one which appeared to come out of nowhere. Now the attacker would have an extremely hard time getting enough slaves in on his little scheme.

What you are trying to accomplish to fix your problem here is an uninformed, relatively untrustworthy consensus (how does a new node know which nodes are legitimate?). The two part amazing solution is to use a proof of consensus system that does not rely on proof of work. Much more secure, much more energy efficient. I wasn't lying when I said I've already solved the problems of doing this.

Quote
Even if the attacker had a huge botnet at his disposal at least 80 to 90 percent of existing and new nodes would reject the fake chain and continue working on the real chain. Soon enough the attacker wouldn't be able to afford continuing the attack and he would give up. The real mini-blockchain would quickly overtake the fake chain once the attacker stopped contributing his hashing power to it. With these mechanisms in place the attacker has no hope of convincing more than half the network to use his fake chain.

He can still repeatedly get away with double spending.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 02:18:34 AM
#35

Quote
What you are trying to accomplish to fix your problem here is an uninformed, relatively untrustworthy consensus (how does a new node know which nodes are legitimate?).
It doesn't know. That's why it's a vote system. The node assumes that the majority of votes will be from legitimate nodes. Of course that won't always be the case but it will be the case at least 80% of the time.

Quote
He can still repeatedly get away with double spending.
An attacker with enough power to outpace the blockchain for a day or more is obviously going to get away with something. Even in Bitcoin an attacker with that much power over such a long period of time could do a bit of damage. But it's still not a true form of double spending, it's a temporary illusion, and if the attacker had a hard time getting any other node to accept his fake chain wouldn't it be virtually impossible for him to achieve a double spend?

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 02:27:39 AM
#36

Quote
It doesn't know. That's why it's a vote system. The node assumes that the majority of votes will be from legitimate nodes. Of course that won't always be the case but it will be the case at least 80% of the time.

But the basic rule of defending against a sybil attack is that the majority cannot be trusted.

Quote
An attacker with enough power to outpace the blockchain for a day or more is obviously going to get away with something. Even in Bitcoin an attacker with that much power over such a long period of time could do a bit of damage. But it's still not a true form of double spending, and if the attacker had a hard time getting any other node to accept his fake chain wouldn't it be virtually impossible for him to achieve a double spend?

I actually should have said, he can get away with almost anything against a node that hasn't been around recently. And yes, the same is true of bitcoin. Lots of bad things can be accomplished when you rely on hashing power to determine who is right. Hell, new nodes won't have any idea of whom to trust. Grabbing thousands or millions of IPs is easy; will be drastically easier when IPv6 is the standard.

There IS a way to return to the at-worst bitcoin 51% attack while reducing storage, and that is keeping a historic record for at least a year. Keep the hash of the account ledger rolling through each block, have each tx spend from the ledger not previous txouts, and work from there. If a node was suspicious at the validity of someone's block, they could request its history and hashing power proof over that year or whatever seems reasonable. At least then it's not all time. Compressed account ledger and 1 year of tx history+hashing power is pretty solid proof that it's the real chain.

It still requires proof of work though which means it can be 51% attacked and it wastes a boatload of energy for nothing useful when it can be done a better way.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 02:41:41 AM
#37

Quote
But the basic rule of defending against a sybil attack is that the majority cannot be trusted.
Yes that is a valid point but all the older legit nodes can still be trusted, there's no way the attacker can trick them. Not only would the attacker need a boatload of hashing power but also a boatload of IPs and bandwidth to outnumber the legit nodes. Of course that is still possible so perhaps the best method to solve this problem would not be a voting system but the solution aaaxn suggested:

Quote
I think new nodes in this situation (it should be extremely rare or never) should just query nodes for blockchain all the way to block in which competing chains diverged and if no one around has this long history node should just refuse to operate and wait until thing settle. Or it can be advised to download updated client which should in this situation contain hardcoded checkpoint provided by community pointing to right chain.

That pretty much seems like the best solution because it would cut new nodes out of the picture and leave the legit nodes to wear down the attacker until he gives up.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 02:52:04 AM
#38

Quote
Yes that is a valid point but all the older legit nodes can still be trusted, there's no way the attacker can trick them. Not only would the attacker need a boatload of hashing power but also a boatload of IPs and bandwidth to outnumber the legit nodes.

IPs and bandwidth are hardly issues. Many theoretical attacks should propose "what kind of defense do you have if you're surrounded by bad nodes?" It doesn't necessarily mean the system is weak if it fails to pass these tests, but it does mean it has weaknesses.

Quote
That pretty much seems like the best solution because it would cut new nodes out of the picture and leave the legit nodes to wear down the attacker until he gives up.

It's also effectively DDoSing the network for lite clients. I'm just sayin'...

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 03:01:36 AM
#39

Quote
It's also effectively DDoSing the network for lite clients. I'm just sayin'...
You'll need to elaborate, I don't understand what you mean.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 03:12:44 AM
#40

If lite clients shut down in the face of competing chains, commerce cannot continue. aaaxn states that it should rarely be a problem, but the problem exists when someone is making a coordinated attack against the network. These are issues with bitcoin as well, there is nothing particularly wrong with your idea, it just allows for completely forking networks. SPV clients (lite clients) AFAIK can work because hash trees can be used to prove the existence of txouts deep in the chain. That can't be done here because the hash tree disappears after a short period of time, being replaced by a ledger. You have to hope that someone does not perform a sustained attack where they ruin other miners' profitability in an effort to get them to leave, then unleash a devastating attack where they *could* rewrite balances. Some full nodes would complain (full nodes only being run as altruistic measures, yay), but they'd have no chain to champion. Very dire situation.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 03:30:04 AM
#41

Quote
If lite clients shut down in the face of competing chains, commerce cannot continue.
What do "lite clients" have to do with anything here? I'm not sure you understand the concept properly or that you've read the white paper properly.

The new nodes (not lite nodes) would be cut out of the picture. In no way would that shut down commerce, the legitimate older nodes would keep chugging along with the real chain and they wouldn't even pay attention to the fake chain. The fake chain wouldn't even affect anything unless you relied upon a node which was using the fake chain, which cannot happen if new nodes are cut out of the picture until the situation is resolved.

EDIT: or do you mean it may hinder commerce for a business who attempts to start up a new node at the time of this attack? Worst case scenario they have to wait until the attack is over to start their node, or wait until a new client is released with the updated checkpoint. It's not like the businesses already running a node would be affected.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 03:55:38 AM
#42

Quote
What do "lite clients" have to do with anything here? I'm not sure you understand the concept properly or that you've read the white paper properly.

I haven't read the whitepaper at all, because I already know how this process works. And I was responding directly to aaaxn's solution which you said should work. He was talking about new nodes, you must think that the majority of new nodes are going to be "client" nodes rather than full peers (at least in the future when the network is large), because being a full peer costs a lot of bandwidth. Storage is only one aspect. Plus if you intend to earn market share with mobile devices, many clients are simply going to have to rely on what other nodes tell them.

Quote
The new nodes (not lite nodes) would be cut out of the picture. In no way would that shut down commerce, the legitimate older nodes would keep chugging along with the real chain and they wouldn't even pay attention to the fake chain. The fake chain wouldn't even affect anything unless you relied upon a node which was using the fake chain, which cannot happen if new nodes are cut out of the picture until the situation is resolved.

That's great and all for those who can be sure which network is the correct one. For those who can't, they are DDoS'd. Only a stupid attacker is going to start by breaking the chain. He is going to be smart and he is going to play along for some time before making a move. It is again a similar problem to bitcoin's, but you have introduced a vulnerability where the original chain is potentially lost. And the only solutions you have come up with are sybil-poor ones. Right, it's unlikely, it's really hard to do, but it only needs to happen once. Proof-of-work is bad, mmmk?

You still pretty much solve this vulnerability by keeping the chain history for a year. Storage is still bound, and that is a big win. It still suffers from centralization and 51% attacks and wasted energy and all the rest though.

Edit: I have skimmed your proposal now and yes you have addressed the new vulnerability well enough. I'm not sure what vulnerability aaaxn is referring to then. I'll have to redigest. I don't know where this voting crap is coming from. Kudos for putting this into a whitepaper, but this is not enough of an idea to start yet another altcoin imo.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 04:15:14 AM
#43

Quote
Edit: I have skimmed your proposal now and yes you have addressed the new vulnerability well enough. I'm not sure what vulnerability aaaxn is referring to then.
He is referring to a new vulnerability which is somewhat similar to the old issue but much more difficult to pull off and easy to prevent with the mechanism I've been talking about for the last 2 pages.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 04:33:13 AM
#44

Ah yes, the secret chain. I missed that along the way and presumed it was a different attack. I just couldn't imagine how you resort to a consensus of untrusted peers as a decision-making process though. Holding the true chain for a year fixes this problem unless the attacker intends to spend an entire year along with the network. :P You really can not resort to peer consensus. Remember, mining is a pretty centralized activity, and nodes don't get paid to be nodes. It is fairly easy in theory for EvilCorp to work their way through the hierarchy and control a large view of the network. You are *hoping* altruism wins out. Still inheriting a lot of bitcoin's flaws... and as far as I can tell, SPV is still not possible in the way that bitcoin can do it. Lite nodes are going to need a lot more data than SPV nodes in bitcoin--but perhaps not, I'd have to waste some time thinking on it. But if true, this is not good for bandwidth-unfriendly nodes like mobile devices.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
May 07, 2013, 04:45:43 AM
#45

Quote
I just couldn't imagine how you resort to a consensus of untrusted peers as a decision-making process though. Holding the true chain for a year fixes this problem unless the attacker intends to spend an entire year along with the network.
Yes I agree you cannot really resort to consensus, that's why I said aaaxn's solution is probably the best. Simply don't give new nodes a chance to be tricked by the fake chain. This resolves the problem in a fairly neat way. Holding an entire year worth of transactions is still way too much when there's no real point. So far this is the only attack we've thought of which might provide incentive to increase the length of the mini-blockchain, but if we can eliminate the threat of this attack without having to do that then that's the way it should be solved. And we can with aaaxn's solution.

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 07, 2013, 07:04:34 AM
#46

Quote
Ah yes, the secret chain. I missed that along the way and presumed it was a different attack. I just couldn't imagine how you resort to a consensus of untrusted peers as a decision-making process though. Holding the true chain for a year fixes this problem unless the attacker intends to spend an entire year along with the network. :P
As you see this kind of attack is extremely unlikely so these precautions I proposed are not really meant to be ever triggered. It's good to include them because it further discourages making secret chain attack because it hurts its potential profitability.

Quote
as far as I can tell, SPV is still not possible in the way that bitcoin can do it. Lite nodes are going to need a lot more data than SPV nodes in bitcoin--but perhaps not, I'd have to waste some time thinking on it. But if true, this is not good for bandwidth-unfriendly nodes like mobile devices.
Lite client would need to download block headers from their last known checkpoint or genesis block (few MB) and download few paths in account tree which correspond to addresses client controls/is interested in (few KB). I think he could even download only few most recent blocks and his accounts info. Even if he would get forged data all he risks is that network will reject his transactions.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 07, 2013, 11:35:36 AM
#47

Quote
Yes I agree you cannot really resort to consensus, that's why I said aaaxn's solution is probably the best. Simply don't give new nodes a chance to be tricked by the fake chain. This resolves the problem in a fairly neat way. Holding an entire year worth of transactions is still way too much when there's no real point.

There is a point though, you have a "lock block" far enough in the past that the odds of overcoming it are unbelievably overwhelming--and it's a cut-off point where you can have nodes decide unanimously that they can't be fooled or user intervention would *then* be required. Then you don't have to resort to shenanigans.

Quote
Lite client would need to download block headers from their last known checkpoint or genesis block (few MB) and download few paths in account tree which correspond to addresses client controls/is interested in (few KB). I think he could even download only few most recent blocks and his accounts info. Even if he would get forged data all he risks is that network will reject his transactions.

This can verify balances of addresses, but it does not verify payments.

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 07, 2013, 05:19:10 PM
#48

Quote
This can verify balances of addresses, but it does not verify payments.
To verify payment you only need 2 tree paths. To sender account and to receiver account. Should not require much data. Apart from that lite clients would mostly be used for making payments and rarely for receiving and even if you get funds to your lite wallet you probably get it from someone whose identity is known to you (exchange, friend, etc.) so they really have nothing to gain from fooling you temporarily. If you are merchant and sell things to strangers you should probably run full node.
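
The lite-client check discussed in posts #29 and #46 to #48 (read the account offset bit by bit to get the tree path, then check a few paths against a known root), as an added example that is not part of any post or of the project's code. The hash layout, the 16-slot tree and the sample balances are constructed assumptions; the payment check compares balances under two consecutive roots, so it shows the balance change, not which transaction caused it.

```python
from __future__ import annotations
import hashlib

DEPTH = 4  # constructed toy size: 2**4 account slots


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(offset: int, balance: int) -> bytes:
    # Assumed leaf layout: tag byte, 5-byte offset, 8-byte balance.
    # The 0x00/0x01 tags keep a leaf from being reinterpreted as an inner node.
    return _h(b"\x00" + offset.to_bytes(5, "big") + balance.to_bytes(8, "big"))


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def path_bits(offset: int, depth: int = DEPTH) -> list[int]:
    """Offset bits, most significant first: 0 = go left, 1 = go right."""
    if not 0 <= offset < 1 << depth:
        raise ValueError("offset outside tree")
    return [(offset >> i) & 1 for i in range(depth - 1, -1, -1)]


def build_levels(balances: dict[int, int], depth: int = DEPTH) -> list[list[bytes]]:
    """Full node side: levels[0] is the leaf row, levels[-1] is [root]."""
    level = [leaf_hash(i, balances.get(i, 0)) for i in range(1 << depth)]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def prove(levels: list[list[bytes]], offset: int) -> list[bytes]:
    """Sibling hashes from the leaf row up to just below the root."""
    proof, idx = [], offset
    for level in levels[:-1]:
        proof.append(level[idx ^ 1])
        idx >>= 1
    return proof


def verify(root: bytes, offset: int, balance: int, proof: list[bytes],
           depth: int = DEPTH) -> bool:
    """Lite client side: recompute the root from one leaf and its siblings."""
    if len(proof) != depth or balance < 0 or not 0 <= offset < 1 << depth:
        return False
    node = leaf_hash(offset, balance)
    # Walking upward consumes the path bits least significant first.
    for bit, sibling in zip(reversed(path_bits(offset, depth)), proof):
        node = node_hash(sibling, node) if bit else node_hash(node, sibling)
    return node == root


def balances_match_payment(old_root: bytes, new_root: bytes, amount: int,
                           sender_old, sender_new, receiver_old, receiver_new) -> bool:
    """Each view is (offset, balance, proof). Fees are ignored (assumption).

    Confirms that the sender lost and the receiver gained `amount` between
    two roots taken from block headers the client already trusts.
    """
    views = [(old_root, sender_old), (new_root, sender_new),
             (old_root, receiver_old), (new_root, receiver_new)]
    if not all(verify(root, *view) for root, view in views):
        return False
    if sender_old[0] != sender_new[0] or receiver_old[0] != receiver_new[0]:
        return False
    return (sender_old[1] - sender_new[1] == amount
            and receiver_new[1] - receiver_old[1] == amount)


if __name__ == "__main__":
    before = build_levels({3: 100, 10: 5})   # constructed balances
    after = build_levels({3: 93, 10: 12})    # after a 7-coin payment 3 -> 10
    print("path to offset 10:", path_bits(10))
    print("payment consistent:", balances_match_payment(
        before[-1][0], after[-1][0], 7,
        (3, 100, prove(before, 3)), (3, 93, prove(after, 3)),
        (10, 5, prove(before, 10)), (10, 12, prove(after, 10))))
```
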

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 09, 2013, 07:17:10 AM
#49

Let's consider some new awesome possibilities that arise when we get rid of bitcoin scripts and adopt account tree, so this thread won't die off.

Transactions

1) Smaller transactions - transactions could use just account tree offsets instead of addresses / public keys. We can address more accounts than we will probably ever need with 5 bytes. Addresses take 25 bytes and public keys 65 bytes.
2) Including messages in transactions. We don't need to store transactions indefinitely so we can permit short messages attached to payments (eg. order id). This would improve user experience a lot.
3) We can get rid of sending change back to ourselves because we can spend any amount of bitcoin from our account.

Accounts
We will store accounts in nice separate cells in db, so we can make different types of accounts as needed.
For example:

1) Accounts with descriptions. We can allow attaching custom names to account eg. 'Payment address for shop.example.com'. This description could be presented to users paying to this address. Huge user experience boost.
2) Multi signature accounts. We can make accounts with multiple pubkeys attached and require M of N signatures to spend from this address.
3) Limited accounts. We can define maximum withdrawal limits per time period for accounts.
4) We can extend account types if needed. This system is actually more powerful than bitcoin scripts (we can always make accounts with scripts).

Feel free to extend this list.

RustyShackleford1950
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250



View Profile
May 09, 2013, 07:28:21 AM
#50

Interesting idea, implementation may be difficult though. Also, what happens far, far into the future, let's imagine this is adopted, won't a large number of transactions mean that previous records are being overwritten at an ever increasing pace, eventually leading to a serious security problem?

On keyboard, the big d, rusty shackleford
achillez
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1000


View Profile
May 09, 2013, 07:29:42 AM
#51

interesting
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 09, 2013, 07:33:07 AM
#52

Quote
Interesting idea, implementation may be difficult though. Also, what happens far, far into the future, let's imagine this is adopted, won't a large number of transactions mean that previous records are being overwritten at an ever increasing pace, eventually leading to a serious security problem?
Idea is to keep constant number of recent blocks (for example 5000) so if transaction volume increases mini blockchain will grow in size but it won't hurt security.

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 09, 2013, 08:08:57 AM
#53

Secure 0-confirmation small transactions

Concept of accounts with withdrawal limit go me thinking and I think it enables implementation of secure 0-confirmation small payments. By small I mean small relative to your account balance which can make it applicable in even big transactions in absolute terms.
First let me outline how limited accounts could work.

1) Send to network special transaction to modify withdrawal limit for your account. You specify limit as number of coins per no of blocks. Such change will take effect in eg. 100 blocks (delay is important for my idea)
2) Network accepts transaction and after 100 blocks it will reject any transaction that would cause specified limit to be exceeded. Miner node will accept first transaction for withdraw and when he receives another which would cause limit to be exceed he queues it until first one is included in block and limit is available again.

How could limits prevent double spending? Double spending is possible because you can send one transaction to the merchant while simultaneously sending another one to miners which moves all your coins to another address. But with limits you cannot send all your coins at once, and this can help secure the merchant's transaction.

Suppose you have 100 coins in your account with a withdrawal limit of 1 coin per block. If you want to send a secure 0-confirmation transaction for 1 coin, you sign a transaction to send 1 coin to the merchant, valid if included in one of the next 10 blocks (or whatever number of confirmations is deemed secure).
Now even if an attacker tries to double spend his coins in an alternative blockchain, he would only be able to move 1 coin from his accounts per block, so even if his network branch is accepted as the longest, the merchant's transaction will still be valid and included in some later block. To successfully double spend, the attacker would need to make a 10-block alternative branch in secret, which is infeasible.
If my reasoning is valid, the merchant can ensure he will receive funds by:
1) Checking that there is no pending withdrawal limit change on the sending account
2) Checking that the sending account balance is high enough that it can't be emptied too fast
3) Ensuring the transaction that pays him has propagated enough in the network and that it is on top of the queue (checking a few respected mining pools is enough)
That should complete in seconds.

Do you see any problems with this idea?
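The merchant-side checks from the post above, modelled as an added example (not part of the original post and not code from any project). All class, field and function names are hypothetical; the rule that a payment must fit inside the per-block limit is an assumption derived from the limit rule, and the worst case modelled is a competing branch that leaves the payment out and spends the full limit elsewhere in every block.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class LimitedAccount:
    balance: int                      # coins held by the sending account
    limit_per_block: int              # withdrawal limit, coins per block
    # (new_limit, activation_height) if a limit-change transaction is pending
    pending_limit_change: Optional[Tuple[int, int]] = None


@dataclass
class Payment:
    amount: int
    created_height: int               # chain height when the payment was signed
    valid_for_blocks: int             # valid only if mined in the next N blocks


def merchant_accepts(acct: LimitedAccount, pay: Payment,
                     queue_positions: Dict[str, int]) -> Tuple[bool, List[str]]:
    """Apply the merchant checks; return (accepted, reasons_for_refusal).

    queue_positions maps a sampled mining pool (hypothetical names) to the
    position of this payment in the sender's queue there; 0 means first.
    """
    reasons = []
    # Check 1: a pending limit change could lift the cap inside the window.
    if acct.pending_limit_change is not None:
        reasons.append("pending withdrawal limit change")
    # Assumption from the limit rule: a payment above the per-block limit
    # cannot be included in a single block.
    if pay.amount > acct.limit_per_block:
        reasons.append("amount exceeds per-block limit")
    # Check 2: even if the full limit is spent elsewhere in every block of
    # the validity window, enough balance must remain to fund the payment.
    drainable = acct.limit_per_block * pay.valid_for_blocks
    if acct.balance - drainable < pay.amount:
        reasons.append("balance can be emptied inside the validity window")
    # Check 3: the payment is first in queue at every sampled pool.
    if not queue_positions or any(p != 0 for p in queue_positions.values()):
        reasons.append("payment is not first in queue at all sampled pools")
    return (not reasons, reasons)


def survives_competing_branch(acct: LimitedAccount, pay: Payment,
                              branch_length: int) -> bool:
    """Worst case for the merchant: `branch_length` blocks that omit the
    payment and withdraw the full limit elsewhere. Returns True if the
    payment can still be mined in the block that follows the branch."""
    balance = acct.balance
    height = pay.created_height
    for _ in range(branch_length):
        height += 1
        balance -= min(balance, acct.limit_per_block)
    next_height = height + 1
    deadline = pay.created_height + pay.valid_for_blocks
    return (next_height <= deadline
            and pay.amount <= acct.limit_per_block
            and pay.amount <= balance)


if __name__ == "__main__":
    # Constructed sample values matching the post: 100 coins, 1 coin/block,
    # a 1-coin payment valid for the next 10 blocks.
    acct = LimitedAccount(balance=100, limit_per_block=1)
    pay = Payment(amount=1, created_height=500, valid_for_blocks=10)
    print(merchant_accepts(acct, pay, {"pool_a": 0, "pool_b": 0}))
    for n in (0, 9, 10):
        print(n, survives_competing_branch(acct, pay, n))
```

With the post's numbers the payment survives any competing branch shorter than 10 blocks, while an account holding only 5 coins fails check 2 because it can be emptied before the window closes.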

Etlase2
May 09, 2013, 08:18:51 AM
#54

Quote
1) Smaller transactions - transactions could use just account tree offsets instead of addresses / public keys. We can address more accounts than we will probably ever need with 5 bytes. Addresses take 25 bytes and public keys 65 bytes.

In addition to this, 32-byte hashes are not necessary to verify receipt of previous transactions. Peers who have not even communicated with each other before can reference transactions like so:

[timestamp - 4 bytes for each second]
[2-4 bytes of account offset, depending on what is most useful based on transaction activity - 2-4 bytes once for each tx that shares this offset]
[remaining 1-3 bytes for account offset]+[1 byte pseudo-hash]

The 1 byte pseudo-hash could be bigger, but it limits one account to 256 transactions per second, although the client will have to be aware of pseudo-hash collisions. When Visa is only like 4,000 transactions per second, this can't be that big of an issue. So the maximum one transaction could cost in wasted bandwidth is 10 bytes, but on a busy network, most transactions will only cost around 3 bytes to verify receipt or reference it with another peer. This is presuming my initial idea of using timestamps to identify specific transactions. It also allows for an easy way to locate transactions in the transaction block chain, though this is going into my design, but it's the one I know. *shrug*

Although bitcoin could use some protocol tweaking, it still *at best* has to send 32 bytes, but right now just goes ahead and wastes the full 300 bytes or whatever a typical tx is. 32 bytes->3 bytes on a busy network is gigabytes saved daily per node.

Quote
2) Including messages in transactions. We don't need to store transactions indefinitely so we can permit short messages attached to payments (eg. order id). This would improve user experience a lot.

8 bytes I think is an ideal number that allows for setting up a receipt/order system/identity proof. I think bank-like intermediaries (preferably anonymous ones, but that is technology that has to be proposed and advanced outside the network) will be commonly used to preserve anonymity. Account ledgers have some caveats that they are slightly less anonymous than pseudotransactions a la bitcoin. Reusing account numbers needs to be encouraged by lower transaction fees, because it is in the interest of the health of the network. If there are intermediaries that provide you with 8-byte mini-addresses, you can preserve that anonymity completely from everyone except the bank, unless there are ways to provide this anonymously in the future. Those who want bitcoin's pseudonymity can still do it, but tx fees will be higher.

Quote
3) We can get rid of sending change back to ourselves because we can spend any amount of bitcoin from our account.

This is considered part of bitcoin's pseudonymity as only you and the receiver know which part of the tx is the payment and which is the change. But we all know that bitcoin isn't all that anonymous, and with an account ledger making things even trickier, the idea of pseudonymity needs to be redressed.

Quote
1) Accounts with descriptions. We can allow attaching custom names to account eg. 'Payment address for shop.example.com'. This description could be presented to users paying to this address. Huge user experience boost.

I had this idea for early encoin proposals, but I don't like it because it will create a rush of custom address stealing. If businesses are public on the chain, users can associate the addresses manually. If they use intermediaries, this could still be addressed with using business->user account numbers in the tx message.

Quote
2) Multi signature accounts. We can make accounts with multiple pubkeys attached and require M of N signatures to spend from this address.
3) Limited accounts. We can define maximum withdrawal limits per time period for accounts.

Easy peasy stuff with a ledger. Gotta make sure to have "master" keys that can change those account options, not the accounts themselves. Keep the master key cold and let the hot wallet do its work without fear of a total catastrophe if there is an incident.

Quote
4) We can extend account types if needed. This system is actually more powerful than bitcoin scripts (we can always make accounts with scripts).

Yes, but there needs to be a process of acceptance for this. Say, a voting system. ;) Even if account types are just complex uses of the scripting system, to save the data required to store these simply (and to make sure everyone has the exact same ledger), the account "types" need to be defined and everyone needs to agree on it.

Quote
Feel free to extend this list.

Anyone who plans on reusing a custom transaction could set a custom transaction type up themselves, basically a script-hash storage system. Then it could reference the custom type in a tx and only supply the variables needed to suit the script-hash, saving data. Of course there have to be fees to store this stuff, but people who use the same script-hash a lot could save money on a fee-per-function type tx fee.

A somewhat out-there possibility is to have a proof-of-work storage function. Small networks could use the ledger's proof-of-work (or proof-of-consensus) as a timestamping service and have the final say on the order of that network's events.

I have some other ideas somewhere, but it would require digging up really old notes.

Etlase2
May 09, 2013, 08:25:00 AM
#55

Quote
Do you see any problems with this idea?

It's a big imposition on the user, it's also a transaction which is going to have to have a tx fee. Whenever they have to make a payment for more than the amount, they will have to wait for multiple blocks to have the full tx approved. If they want to change it, it's another tx. Etc. It's also not necessary in a good proof-of-consensus system. :)

aaaxn
May 09, 2013, 09:14:45 AM
#56

Quote
In addition to this, 32-byte hashes are not necessary to verify receipt of previous transactions. Peers who have not even communicated with each other before can reference transactions like so:

[timestamp - 4 bytes for each second]
[2-4 bytes of account offset, depending on what is most useful based on transaction activity - 2-4 bytes once for each tx that shares this offset]
[remaining 1-3 bytes for account offset]+[1 byte pseudo-hash]

The 1 byte pseudo-hash could be bigger, but it limits one account to 256 transactions per second, although the client will have to be aware of pseudo-hash collisions. When Visa is only like 4,000 transactions per second, this can't be that big of an issue. So the maximum one transaction could cost in wasted bandwidth is 10 bytes, but on a busy network, most transactions will only cost around 3 bytes to verify receipt or reference it with another peer. This is presuming my initial idea of using timestamps to identify specific transactions. It also allows for an easy way to locate transactions in the transaction block chain, though this is going into my design, but it's the one I know. *shrug*

Although bitcoin could use some protocol tweaking, it still *at best* has to send 32 bytes, but right now just goes ahead and wastes the full 300 bytes or whatever a typical tx is. 32 bytes->3 bytes on a busy network is gigabytes saved daily per node.

I don't understand. In the account tree, a transaction doesn't have to reference any other transactions. It only references accounts with a version. A transaction in this system should look something like
(trx_version, offsetSender, offsetReceiver, senderVersion, amount, signature)
(1 + 5 + 5 + 5 + 8) ~ 24 bytes + signature (don't know how long it needs to be).

Quote
8 bytes I think is an ideal number that allows for setting up a receipt/order system/identity proof. I think bank-like intermediaries (preferably anonymous ones, but that is technology that has to be proposed and advanced outside the network) will be commonly used to preserve anonymity. Account ledgers have some caveats that they are slightly less anonymous than pseudotransactions a la bitcoin. Reusing account numbers needs to be encouraged by lower transaction fees, because it is in the interest of the health of the network. If there are intermediaries that provide you with 8-byte mini-addresses, you can preserve that anonymity completely from everyone except the bank, unless there are ways to provide this anonymously in the future. Those who want bitcoin's pseudonymity can still do it, but tx fees will be higher.

I think it should be longer to allow some meaningful descriptions for end users like 'for yesterday dinner', etc.
In the proposed system nothing stops you from generating a new address for every transaction like in bitcoin, and I really don't think the goal of the system should be that every transaction is anonymous. Making anonymous transactions available is enough.

Quote
I had this idea for early encoin proposals, but I don't like it because it will create a rush of custom address stealing. If businesses are public on the chain, users can associate the addresses manually. If they use intermediaries, this could still be addressed with using business->user account numbers in the tx message.

What I meant is attaching name to account. Not making this name unique and allowing users to send funds to it.

Quote
Yes, but there needs to be a process of acceptance for this. Say, a voting system. ;) Even if account types are just complex uses of the scripting system, to save the data required to store these simply (and to make sure everyone has the exact same ledger), the account "types" need to be defined and everyone needs to agree on it.

I am aware of that. Changes need to be included along with new software revisions. Bitcoin proves consensus can be reached and such changes can be made painless. No need for an in-network voting system for that.

Quote
It's a big imposition on the user, it's also a transaction which is going to have to have a tx fee. Whenever they have to make a payment for more than the amount, they will have to wait for multiple blocks to have the full tx approved. If they want to change it, it's another tx. Etc. It's also not necessary in a good proof-of-consensus system.

Not really. It can be automated in client. You just setup your fast payments account. Specify maximum fast payment size you need and software automatically keeps this account balance on required level. If you deplete this sub account too much it is automatically refilled. No user attention is required after setup.
If you need to cancel this account you can always do full account withdrawal which would take something like 2x time of normal confirmation (this is sufficient delay for limit change operation).
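The 24-byte transaction body sketched in the post above, as an added encoder, strict decoder and ledger check (not part of the original post and not code from any project). Big-endian byte order, `trx_version == 1`, the account-table layout, and the reading of `senderVersion` as a per-account counter that must match and then increments are assumptions; the signature is left out because the post does not fix its length.

```python
from typing import Dict, List

# (field name, width in bytes) in the order given in the post: 1+5+5+5+8 = 24
FIELDS = (
    ("trx_version", 1),
    ("offset_sender", 5),
    ("offset_receiver", 5),
    ("sender_version", 5),
    ("amount", 8),
)
BODY_LEN = sum(width for _, width in FIELDS)


def encode_body(tx: Dict[str, int]) -> bytes:
    """Serialize the fixed-width body, refusing values that do not fit."""
    out = bytearray()
    for name, width in FIELDS:
        value = tx[name]
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{name} must be an integer")
        if not 0 <= value < (1 << (8 * width)):
            raise ValueError(f"{name} does not fit in {width} bytes")
        out += value.to_bytes(width, "big")   # byte order is an assumption
    return bytes(out)


def decode_body(raw: bytes) -> Dict[str, int]:
    """Parse exactly BODY_LEN bytes; short or padded input is rejected."""
    if len(raw) != BODY_LEN:
        raise ValueError(f"body must be {BODY_LEN} bytes, got {len(raw)}")
    tx, pos = {}, 0
    for name, width in FIELDS:
        tx[name] = int.from_bytes(raw[pos:pos + width], "big")
        pos += width
    return tx


def apply_body(accounts: List[Dict[str, int]], raw: bytes) -> None:
    """Validate a body against an account table indexed by tree offset and
    apply it. Signature verification is deliberately omitted here."""
    tx = decode_body(raw)
    if tx["trx_version"] != 1:
        raise ValueError("unknown trx_version")
    for key in ("offset_sender", "offset_receiver"):
        if tx[key] >= len(accounts):
            raise ValueError(f"{key} is outside the account table")
    sender = accounts[tx["offset_sender"]]
    receiver = accounts[tx["offset_receiver"]]
    # Assumed meaning of senderVersion: it must equal the account's current
    # version, so the same signed bytes cannot be applied twice.
    if tx["sender_version"] != sender["version"]:
        raise ValueError("stale sender_version (replayed or out of order)")
    if tx["amount"] > sender["balance"]:
        raise ValueError("insufficient balance")
    sender["balance"] -= tx["amount"]
    receiver["balance"] += tx["amount"]
    sender["version"] += 1


if __name__ == "__main__":
    # Constructed sample: account 0 pays 20 coins to account 1.
    table = [{"balance": 50, "version": 7}, {"balance": 0, "version": 0}]
    body = encode_body({"trx_version": 1, "offset_sender": 0,
                        "offset_receiver": 1, "sender_version": 7,
                        "amount": 20})
    print(len(body), body.hex())
    apply_body(table, body)
    print(table)
```

Applying the same bytes a second time fails the version check, which is why a transaction in this layout needs no reference to earlier transactions.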

digitalindustry
May 09, 2013, 09:31:30 AM
#57

Quote
Let's consider some new awesome possibilities that arise when we get rid of bitcoin scripts and adopt account tree, so this thread won't die off.

Transactions

1) Smaller transactions - transactions could use just account tree offsets instead of addresses / public keys. We can address more accounts than we will probably ever need with 5 bytes. Addresses take 25 bytes and public keys 65 bytes.
2) Including messages in transactions. We don't need to store transactions indefinitely so we can permit short messages attached to payments (eg. order id). This would improve user experience a lot.
3) We can get rid of sending change back to ourselves because we can spend any amount of bitcoin from our account.

Accounts
We will store accounts in nice separate cells in db, so we can make different types of accounts as needed.
For example:

1) Accounts with descriptions. We can allow attaching custom names to account eg. 'Payment address for shop.example.com'. This description could be presented to users paying to this address. Huge user experience boost.
2) Multi signature accounts. We can make accounts with multiple pubkeys attached and require M of N signatures to spend from this address.
3) Limited accounts. We can define maximum withdrawal limits per time period for accounts.
4) We can extend account types if needed. This system is actually more powerful than bitcoin scripts (we can always make accounts with scripts).

Feel free to extend this list.

why don't you announce a Topic for the feasibility of another new design based around this principle, -

in the end this whole market is coder rich with the shittiest understanding of economics i have ever seen in my life, and that doesn't even start to touch on socioeconomic principles,  but in the end that's completely to be expected.

Im here to make a good code "available" to Joe on the street -

The problem is someone like myself thinks so radically different to a coder, but a Coder feels like they "own" the product and for good reason, they essentially do.

But where i can step back and say , i will not even attempt to get involved in Coding , for some reason Coders have a bit of a breakdown where they can't step back and say "i'm a fucking useless at communicating these ideas to the general public"

so it's all for nothing, as i said its not just good enough to have THE BEST design, that gets you 50% there.

lucky but for coders I'm waiting to see which is the best then I'll promptly get any coder that will agree with my market design to copy paste it and we can release something.

when my design leaves this forum, no one will say "that was a copy of bla bla" - but full credit will of course go to them.

so why not make a topic about a new "coin" based on this , i'll try to get some coders on board. i'll make it if you like ! ?

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
aaaxn
May 09, 2013, 10:31:38 AM
#58

Quote
why don't you announce a Topic for the feasibility of another new design based around this principle, -

in the end this whole market is coder rich with the shittiest understanding of economics i have ever seen in my life, and that doesn't even start to touch on socioeconomic principles,  but in the end that's completely to be expected.

Im here to make a good code "available" to Joe on the street -

The problem is someone like myself thinks so radically different to a coder, but a Coder feels like they "own" the product and for good reason, they essentially do.

But where i can step back and say , i will not even attempt to get involved in Coding , for some reason Coders have a bit of a breakdown where they can't step back and say "i'm a fucking useless at communicating these ideas to the general public"

so it's all for nothing, as i said its not just good enough to have THE BEST design, that gets you 50% there.

lucky but for coders I'm waiting to see which is the best then I'll promptly get any coder that will agree with my market design to copy paste it and we can release something.

when my design leaves this forum, no one will say "that was a copy of bla bla" - but full credit will of course go to them.

so why not make a topic about a new "coin" based on this , i'll try to get some coders on board. i'll make it if you like ! ?

I am a coder but not good enough in C++ to implement my idea with sufficient quality (at least not fast), but I could efficiently communicate with developers. I am good at design and have a good understanding of economics and business, so I keep in mind that my design needs to have some strong selling points to be a success. It's true I am not good at selling things to the public, making hype etc.

Coin design can be separated in 3 parts:
1) Designing db protocol (account balances, transactions etc.)
2) Designing an efficient network security algorithm (the current bitcoin PoW scheme is too expensive)
3) Making sure proper economic incentives are present during bootstrapping and when the coin matures.

These can be discussed independently, so I don't see a point in publishing new coin design until all 3 parts are ready. Now I have good ideas for 1) and 3) but my idea for 2) needs some discussion. I don't see a point in publishing new coin idea before all 3 parts are sufficiently polished.

Etlase2
May 09, 2013, 12:55:25 PM
#59

Quote
I don't understand. In the account tree, a transaction doesn't have to reference any other transactions. It only references accounts with a version. A transaction in this system should look something like
(trx_version, offsetSender, offsetReceiver, senderVersion, amount, signature)
(1 + 5 + 5 + 5 + 8) ~ 24 bytes + signature (don't know how long it needs to be).

I'm referring to the duplication of data and/or hash required to verify if you already have a tx that a peer is offering. When a connected peer says "hey do u have this tx?" he must send a 32-byte hash in bitcoin. When whichever type of block comes through, intra-peers must send at least a 32-byte hash (again, bitcoin doesn't even do this, it sends the full tx, but it could be a hash). Using what I suggested, only 3-6 bytes need to be sent to know if you have the tx or not. Multiply this by tens or hundreds of txes per second times the number of connected peers, and it is a huge data savings that is not available to bitcoin.

Quote
What I meant is attaching name to account. Not making this name unique and allowing users to send funds to it.

Ah, an interesting proposal.

Quote
I am aware of that. Changes need to be included along with new software revisions. Bitcoin proves consensus can be reached and such changes can be made painless.

Uhh, you need to do more studying on how bitcoin changes have been proposed and adopted then. It is in the hands of 3 or 4 people. Sure it's painless when you only need to get a cartel of miners on board.

Quote
Not really. It can be automated in client. You just setup your fast payments account. Specify maximum fast payment size you need and software automatically keeps this account balance on required level. If you deplete this sub account too much it is automatically refilled. No user attention is required after setup.

:shrug: You are rationalizing a whole lot of stuff to provide for fast transactions when it can already be accomplished a better way. And all of this rests on the users being required to do something to help merchants. Merchants can't really force them or expect them to do it. "Advanced" features should be a power-user only thing, otherwise you have millions of people with accounts that have special features that are costing time and bandwidth for everyone to keep track of.

aaaxn
May 09, 2013, 01:37:09 PM
#60

Quote
:shrug: You are rationalizing a whole lot of stuff to provide for fast transactions when it can already be accomplished a better way.

And that is? [Decrits doesn't count. It is so complicated that it is even hard to grasp, not to mention implementing] :)

Etlase2
May 09, 2013, 01:55:23 PM
#61

Quote
And that is? [Decrits doesn't count. It is so complicated that it is even hard to grasp, not to mention implementing] :)

Funny how people keep coming up with ideas that are in decrits though and believe each individual idea deserves its own coin. Also funny how convoluted ideas are coming up to fix the problems that are already resolved or don't exist in decrits. I guess some people just need their hands held? Which is better for cryptocurrency in general: 400 different and flawed currencies that each solve 1 problem, or 1 currency that solves them all? I guess it just depends on your pov.

aaaxn
May 09, 2013, 02:06:10 PM
#62

Quote
Funny how people keep coming up with ideas that are in decrits though and believe each individual idea deserves its own coin. Also funny how convoluted ideas are coming up to fix the problems that are already resolved or don't exist in decrits. I guess some people just need their hands held? Which is better for cryptocurrency in general: 400 different and flawed currencies that each solve 1 problem, or 1 currency that solves them all? I guess it just depends on your pov.

I guess it's theory vs reality. Making a coin with the proven bitcoin design and only a change in database structure is doable and with limited risk. Making your complicated design from scratch requires much more work and is far more risky. That is why it will probably remain just in theory while other currencies will improve one step at a time with real world success.

Etlase2
May 09, 2013, 02:18:30 PM
#63

Real world success defined as "market cap of 100 dollars"! What happened to the whole risk vs. reward that bitcoin proponents champion as the reason why early adopters deserve billions of potential dollars for their "smart, early investing"? Seems like most people in reality are scared little girls.

aaaxn
May 09, 2013, 02:30:39 PM
#64

Quote
Real world success defined as "market cap of 100 dollars"! What happened to the whole risk vs. reward that bitcoin proponents champion as the reason why early adopters deserve billions of potential dollars for their "smart, early investing"? Seems like most people in reality are scared little girls.

No, most people are just not convinced by your design. Guess you just have to take this risk and become a billionaire then.

digitalindustry
May 09, 2013, 03:27:00 PM
#65

Quote
Real world success defined as "market cap of 100 dollars"! What happened to the whole risk vs. reward that bitcoin proponents champion as the reason why early adopters deserve billions of potential dollars for their "smart, early investing"? Seems like most people in reality are scared little girls.
No, most people are just not convinced by your design. Guess you just have to take this risk and become a billionaire then.

lol

+1

have opened a topic based on this BC idea and making a design from it with the NVC core code Balthazar is on board :

https://bitcointalk.org/index.php?topic=199952.0

feel free to contribute !  I can make this big.

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
Etlase2
May 09, 2013, 03:30:08 PM
#66

Quote
lol

+1

The guy whose idea is to take others' ideas and have someone else code them is lol'ing?

aaaxn
May 09, 2013, 04:09:30 PM
#67

Quote
The guy whose idea is to take others' ideas and have someone else code them is lol'ing?

I guess you call such people managers :)

digitalindustry
May 09, 2013, 04:22:19 PM
#68

Quote
The guy whose idea is to take others' ideas and have someone else code them is lol'ing?
I guess you call such people managers :)

that's right friend and as a result we all benefit - we can't all code, but coders can't EVER make marketable ideas either, so i wouldn't call it management so much as a Handshake.

and to Poor Etlase2 (nervous ASIC investor) i'm actually being up front and trying to give the coders the credit, and more stake than myself (more likely) otherwise i'd just wait until it's made, find an average C++ coder to copy paste it and release it, and the sad thing would be, that it would be more successful than the original product, but with no credit.

so i see that as nefarious that's why i opened the topic.

what you need to see is that IF i have a successful design it's at least AS valuable as the code.

because as i said, go write some super code and release it on usenet.  :- \

: )

best way to look at it, is that it's going to happen, i'm going to do it anyhow, so why not try to get the coders in on it, that actually wrote it?

that way we all benefit - if i'm a good designer they benefit if they are a good coder I benefit - but look around, do i really NEED good code? lol

i'd prefer it but !  

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 25, 2013, 04:29:02 PM
#69

Awesome features with account ledger continue:

Secure coin laundry
We create a new account type for coin laundry operators. The account includes the required fee and the amount of coin deposited as collateral. Collateral is needed to make sure the operator is honest. Coins in collateral can only be withdrawn with a delay, so the operator cannot disappear with users' funds.

Algorithm of operation is:
1. User sends a transaction to the laundry. A message is attached to the transaction which describes the amounts and addresses where the laundry should send coins. The message is encrypted with the mixer's public key, so only he can read its contents.
2. Operator must execute the specified transactions in the next N blocks.
3. If the mixer fails to execute the transactions, the user reveals the unencrypted message. Anyone can check if it matches the encrypted version. The user has N blocks to do it, and if the mixer indeed failed to execute the instructions then the sent coins are returned to the sender from the operator's collateral (maybe with a penalty).

The laundry operator gathers user inputs and when he receives enough different inputs he starts to execute the received instructions. He gets a fee for that and he has no incentive to be dishonest because he risks losing collateral.

With careful calculation of good values for N and making sure there are never more outstanding user transactions than collateral, this system can be made totally safe.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 25, 2013, 05:18:20 PM
#70

re: coin laundry, the system I described here could be safely used for any amount of money. If the SH attempts to be devious, all money will simply be returned and he will lose his deposit. And no correlation can be made between the from and the to accounts (other than it is one of the initiators, so 1/x). It seems as if you have given the laundry this information, so you have not protected anyone from the laundry keeping records. This is the same privacy offered by sending your coins to any site that will keep a balance for you and then cash out at a later time.

However, I did not bring up that it could be used for any amount of money in that thread. I am on the fence about including an all-you-can-use coin mixer as part of the protocol. But it can be very versatile. As part of the transaction, you have the amount required and the number of initiators you require. Say you want to clean 50 coins, and you want 99 other people to clean 50 coins with you, then you initiate it and wait. If you are paranoid that someone will send 99 txes to oust you, you only need to send a tx that fits the criteria of another group and join that one's pool.

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 25, 2013, 05:43:58 PM
#71

It seems as if you have given the laundry this information, so you have not protected anyone from the laundry keeping records.
Someone needs to know how to pair inputs to outputs so he can update the account ledger. I don't see a way to avoid that.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 25, 2013, 06:40:44 PM
#72

Blind signature schemes have existed prior to the advent of the internet, and they solve the problem. And in my solution's case (though it has some minor caveats), there is no danger of ever losing your money or having to reveal where you intended to send money if the mixer does something bad. Yours requires that the operator has collateral to cover all transactions, where mine does not. There is also the problem that if not enough transactions are being processed through a mixing account but it is forced to release your transaction, there may be few transactions in between that provide reduced linkability. And if the mixer does not release the transaction, your solution completely deanonymizes the transaction if they want to get their money. These are all very significant caveats. And the result is no better than sending your coins to a gambling site or whatever and cashing them out to another account. You could argue the gambling site is more likely to keep records, but coin mixer accounts as part of the protocol is ripe for the honeypotting.

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 26, 2013, 02:17:01 PM
#73

Yes, I thought it over and your solution can work indeed and has many advantages over mine.

flipperfish
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251


Dolphie Selfie


View Profile
May 26, 2013, 07:39:36 PM
#74

Could you maybe summarize how your proposal is different from "Ultimate Blockchain Compression" (https://bitcointalk.org/index.php?topic=88208.0. Ref [4] in your paper.)?

As far as I can see, the Account-Tree is more or less equivalent to the UTXO-Set and the Proof-Chain is equivalent to the merge-mined block-header.
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 26, 2013, 08:07:04 PM
#75

Could you maybe summarize how your proposal is different from "Ultimate Blockchain Compression" (https://bitcointalk.org/index.php?topic=88208.0. Ref [4] in your paper.)?

As far as I can see, the Account-Tree is more or less equivalent to the UTXO-Set and the Proof-Chain is equivalent to the merge-mined block-header.
I think it is similar, but is better because it drops the unnecessary UTXO concept.

aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
May 27, 2013, 08:48:00 PM
#76

Another approach to secure laundry using Etlase2's ideas.

First let's define a Mixing Set.
A Mixing Set consists of a header and a list of inputs to mix. The header includes:
- mixing denomination (1 coin, 100 coin, etc)
- mixing size (how many inputs)
- mixing public key
- time available for ticket redeeming
- input coins used as collateral

Mixing parameters should be standardized so it would be easier to find matching inputs.

Users send intentions to mix to the network, which include:
- sufficient amount of coins (denomination + fee)
- requested denomination
- requested minimum mixing size
- requested ticket redeeming window
- blinded mixing ticket = blind(random string + payout address). We need the random string so every ticket is unique.

Miners monitor received mixing intentions, and if a miner finds a set which can be used for creating a Mixing Set he can create one.
The miner generates a new key pair just for a single Mixing Set and includes this key in the header. With this key he makes blind signatures of all mixing tickets and includes such a transaction in a block.
When the Mixing Set is included, coins are taken from all participants but are not deposited anywhere.

All mixing participants can now see that their mixing intentions were included in the blockchain. They unblind their tickets and with them create output transactions against the Mixing Set (their tickets are signed with the block's private key).
Redeem transactions can be included in any subsequent block until the redeeming time is up.
When redeeming is over we can have 3 outcomes:
- there were fewer redeemed tickets than inputs. In this case outputs are credited normally and the creator of the Mixing Set gets free money.
- all tickets were redeemed. Outputs are credited normally.
- there were more redeemed tickets than inputs. This means the creator of the Mixing Set cheated, so he loses his collateral (the miner who mined the block containing the first extra ticket gets it) and money is returned to senders. Users can't ever lose their money.


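The Mixing Set flow from post #76, as an added sketch that is not part of the thread or of any project code: textbook RSA blind signatures over the ticket, followed by the three settlement outcomes the post lists. The fixed toy key, the `sender-i`/`miner-i` names, the ticket encoding, the omitted fee and the denomination and collateral amounts are all assumptions made for the example.

```python
import hashlib
import math
import secrets

# Toy RSA key built from two known Mersenne primes. Constructed for the demo:
# far too small for real use, and a real Mixing Set would get a fresh key pair.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private key, held by the Mixing Set creator


def digest(ticket: bytes) -> int:
    return int.from_bytes(hashlib.sha256(ticket).digest(), "big") % N


def make_ticket(payout_address: str) -> bytes:
    # "random string + payout address", so every ticket is unique
    return secrets.token_hex(16).encode() + b":" + payout_address.encode()


def blind(ticket: bytes):
    """User side: hide the ticket digest behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (digest(ticket) * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Creator side: signs the blinded value without learning the ticket."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N


def verify(ticket: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(ticket)


def settle(senders, redemptions, denomination, collateral):
    """Apply the three outcomes from the post.

    senders: addresses whose coins were taken into the Mixing Set.
    redemptions: (ticket, signature, miner) tuples in block order.
    Returns (outcome, credits), credits mapping address -> coins.
    """
    valid, seen = [], set()
    for ticket, sig, miner in redemptions:
        # A replayed ticket or a signature that does not verify is ignored.
        if ticket not in seen and verify(ticket, sig):
            seen.add(ticket)
            valid.append((ticket, miner))

    credits = {}

    def credit(addr, amount):
        credits[addr] = credits.get(addr, 0) + amount

    if len(valid) > len(senders):
        # More valid tickets than inputs: only the key holder can have made them.
        for sender in senders:
            credit(sender, denomination)              # money returned to senders
        credit(valid[len(senders)][1], collateral)    # miner of first extra ticket
        return "creator-cheated", credits

    for ticket, _ in valid:
        credit(ticket.split(b":", 1)[1].decode(), denomination)
    unredeemed = len(senders) - len(valid)
    if unredeemed:
        credit("mixing-set-creator", unredeemed * denomination)
        return "under-redeemed", credits
    return "all-redeemed", credits


def run_mix(payouts, redeemers, forged_extra=0):
    """One Mixing Set: payouts[i] is sender i's payout address; redeemers is
    the set of sender indexes that redeem in time."""
    senders = [f"sender-{i}" for i in range(len(payouts))]
    redemptions = []
    for i, addr in enumerate(payouts):
        ticket = make_ticket(addr)
        blinded, r = blind(ticket)                 # goes into the mixing intention
        sig = unblind(sign_blinded(blinded), r)    # creator saw only `blinded`
        if i in redeemers:
            redemptions.append((ticket, sig, f"miner-{i}"))
    for j in range(forged_extra):
        # Creator signs a ticket for himself with the set's private key.
        extra = make_ticket("creator-extra")
        redemptions.append((extra, pow(digest(extra), D, N), f"miner-x{j}"))
    return settle(senders, redemptions, denomination=100, collateral=500)
```

The creator signs only the blinded value, so a redeemed ticket cannot be matched to the intention that paid for it; the count of valid tickets against inputs is the only cheating signal the settlement has.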
ondratra
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
May 29, 2013, 04:28:24 PM
#77

great idea! realize it if you can
stellarman
Jr. Member
*
Offline Offline

Activity: 60
Merit: 0


View Profile
May 31, 2013, 07:54:21 PM
#78

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?
bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
June 01, 2013, 08:36:06 AM
#79

Could you maybe summarize how your proposal is different from "Ultimate Blockchain Compression" (https://bitcointalk.org/index.php?topic=88208.0. Ref [4] in your paper.)?

As far as I can see, the Account-Tree is more or less equivalent to the UTXO-Set and the Proof-Chain is equivalent to the merge-mined block-header.
I think it is similar, but is better because it drops the unnecessary UTXO concept.
Yes, basically, that is the answer. It is quite similar in many ways but because we're not trying to apply a change on top of an existing blockchain scheme we can leave out many unnecessary features and make it more efficient, and much easier to build.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
June 01, 2013, 08:38:45 AM
#80

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?
Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
June 01, 2013, 08:43:38 AM
#81

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?
Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0
Post this link in this thread's first post. I'd like to contribute but didn't even know a new thread was started.

bitfreak!
Legendary
*
Offline Offline

Activity: 1535
Merit: 1000


electronic [r]evolution


View Profile WWW
June 01, 2013, 08:47:10 AM
#82

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?
Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0
Post this link in this thread's first post. I'd like to contribute but didn't even know a new thread was started.
Good idea, I will do that now. I meant to send you a message with a link to that thread but I must have forgotten about it. At least you know now.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
stellarman
Jr. Member
*
Offline Offline

Activity: 60
Merit: 0


View Profile
June 01, 2013, 01:03:13 PM
#83

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?
Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0

Thanks. I am now following that thread as well.

I am not a coder myself, but am the software Product Manager at the company where I work. So, I might be able to help coordinate. And I am willing to contribute at least some to the funding. But, that still leaves a pressing need for some strong coders to help move this forward. I will be talking to a couple of programmers I know, who may not be strong in crypto (yet), but who may be interested. That's the best I can do at the moment.
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 2044
Merit: 1000



View Profile WWW
June 09, 2013, 06:07:16 PM
#84

The paper says each bitcoin is 10M satoshis, the correct number is 100M.

Let's consider some new awesome possibilities that arise when we get rid of bitcoin scripts and adopt account tree, so this thread won't die off.
Cryptocurrencies are almost useless without scripts.

This idea will obviously need to make use of P2SH; the account addresses will be hashes of scripts rather than public keys, and the defining script will be given in the spending transaction.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
June 12, 2013, 06:13:21 PM
#85

Cryptocurrencies are almost useless without scripts.
Any specifics? How many percent of current bitcoin transactions are something OTHER than simple pay to address? Is bitcoin useless because of it?

Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 2044
Merit: 1000



View Profile WWW
June 12, 2013, 06:32:23 PM
#86

Cryptocurrencies are almost useless without scripts.
Any specifics? How many percent of current bitcoin transactions are something OTHER than simple pay to address? Is bitcoin useless because of it?
Close to 0%, but currently securing bitcoins is very hard and the system isn't very scalable. You need multisig and more sophisticated scripts to keep bitcoins secure, you need payment channels to allow trustless off-chain payments, etc.

And, yes, I currently enjoy very little utility from Bitcoin in its intended purpose. It will be more useful when it is more widespread, but that will happen only if it's scalable and easy to secure.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
June 12, 2013, 06:39:36 PM
#87

Close to 0%, but currently securing bitcoins is very hard and the system isn't very scalable. You need multisig and more sophisticated scripts to keep bitcoins secure, you need payment channels to allow trustless off-chain payments, etc.

And, yes, I currently enjoy very little utility from Bitcoin in its intended purpose. It will be more useful when it is more widespread, but that will happen only if it's scalable and easy to secure.
You don't need scripts to do multi-sig accounts. You can just define such an account type. And defining account types in code is more powerful than scripts because you have access to the full blockchain state. You can, for example, make accounts with withdrawal limits per day. And please do not say anything about script flexibility because in reality every use case of a script needs to be enabled by developers and accepted by miners. They could as well just write code handling a new account type.

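The idea in post #87 of account types defined in node code rather than scripts, as an added sketch that is not code from the thread or from any project: a multi-sig account and an account with a per-day withdrawal limit, both validated against ledger state. The account kinds, field names, key ids and `BLOCKS_PER_DAY` are assumptions, and signature verification is assumed to have happened before `apply()` is called.

```python
from dataclasses import dataclass

BLOCKS_PER_DAY = 144  # assumption: roughly 10-minute blocks


@dataclass
class Account:
    balance: int
    kind: str = "basic"              # "basic" | "multisig" | "daily_limit"
    owners: frozenset = frozenset()  # key ids allowed to authorise a withdrawal
    required: int = 1                # how many distinct owners must sign
    daily_limit: int = 0             # only used by kind == "daily_limit"
    window: int = -1                 # day index of the last withdrawal
    spent_in_window: int = 0         # coins withdrawn during that day


class Ledger:
    """Minimal account ledger: address -> Account, plus the current height."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.height = 0

    def apply(self, sender, recipient, amount, signers):
        """Validate and apply one withdrawal. `signers` are the key ids whose
        signatures were already verified (assumed done by the caller).
        Returns (accepted, reason)."""
        acct = self.accounts.get(sender)
        if acct is None or amount <= 0:
            return False, "bad-transaction"
        # Count distinct owners only: repeated or foreign keys add nothing.
        approved = set(signers) & acct.owners
        if len(approved) < acct.required:
            return False, "not-enough-signatures"
        if amount > acct.balance:
            return False, "insufficient-balance"
        if acct.kind == "daily_limit":
            # The rule reads ledger state: the height and what this account
            # has already withdrawn in the current day-sized window.
            day = self.height // BLOCKS_PER_DAY
            spent = acct.spent_in_window if acct.window == day else 0
            if spent + amount > acct.daily_limit:
                return False, "daily-limit-exceeded"
            acct.window, acct.spent_in_window = day, spent + amount
        acct.balance -= amount
        target = self.accounts.setdefault(
            recipient, Account(0, owners=frozenset({recipient})))
        target.balance += amount
        return True, "ok"


def demo_ledger():
    """Constructed sample state used to exercise the two account kinds."""
    return Ledger({
        "savings": Account(1000, "daily_limit", frozenset({"k1"}),
                           daily_limit=100),
        "treasury": Account(500, "multisig", frozenset({"a", "b", "c"}),
                            required=2),
    })
```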
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 2044
Merit: 1000



View Profile WWW
June 12, 2013, 07:02:52 PM
#88

Close to 0%, but currently securing bitcoins is very hard and the system isn't very scalable. You need multisig and more sophisticated scripts to keep bitcoins secure, you need payment channels to allow trustless off-chain payments, etc.

And, yes, I currently enjoy very little utility from Bitcoin in its intended purpose. It will be more useful when it is more widespread, but that will happen only if it's scalable and easy to secure.
You don't need scripts to do multi-sig accounts. You can just define such an account type. And defining account types in code is more powerful than scripts because you have access to current network state. You can, for example, make accounts with withdrawal limits per day. And please do not say anything about script flexibility because in reality every use case of a script needs to be enabled by developers and accepted by miners. They could as well just write code handling a new account type.
Ok, I have a better idea now of what it is you are suggesting, you could hard-code the more commonly needed functionality. However, I will say that scripts are more flexible, and furthermore that we should move away from having to approve each script individually.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
aaaxn
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
June 12, 2013, 07:09:32 PM
#89

Ok, I have a better idea now of what it is you are suggesting, you could hard-code the more commonly needed functionality. However, I will say that scripts are more flexible, and furthermore that we should move away from having to approve each script individually.
I don't think scripting will be enabled ever. It is too risky and would probably bloat blockchain too much. If however it can be done and will prove to be useful nothing stops us from creating new account type with spending script attached (or its hash). It's a win-win.

AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
October 15, 2013, 11:40:40 AM
#90

Now attack scenario. Suppose there is an attacker with more than 50% of hashing power. He takes the hash of current best block N and tries generating the next one, but instead of using the real account database he just creates a new one in which he holds all coins. If he is able to keep this chain in front of the original one until the original network loses block N's contents, he can reveal his chain and it would look perfectly valid to all nodes because they lost track of how the account database looked at block N.
It looks like the algorithm presented in this paper is only as secure as the mini blockchain is secure, and if an attacker could sustain 51% hashing power for as long as it takes the mini blockchain cycle to complete, it could cause much more severe problems than in bitcoin, because the attacker could rewrite the entire account balances database and not just make some double spends.

Essentially Bitcoin has the same risk for clients that don't download the entire transaction history, and the solution is the same which is to ask the peers that have the relevant transaction history to prove which chain is not valid.

unheresy.com - Prodigiously Elucidating the Profoundly Obtuse | THIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
October 15, 2013, 07:44:17 PM
#91

The following is helpful discussion, but appears to me to be somewhat wrong:

http://bitfreak.info/mbc-wiki/index.php?title=Secure_0-confirmation_transactions

Here is what I have written thus far on this:

Quote
1-Confirmation Transactions

To successfully double-spend or unspend, the theft transaction needs to be placed in a block that will become orphaned and the winning chain must be obscured from the merchant accepting the 1-confirmation transaction. There is no reliable way to accomplish this attack on every attempt without 50+% of the PoW resources. So for small ticket items where rare theft is tolerable, the merchant can accept 1-confirmation transactions. An improvement would be to punish any transaction which overdraws the sender's balance, by charging a percentage fine of the balance that is not given to anyone (don't want to reward miners for this beyond the transaction fee which must be less than the fine, since the attacker may be the miner). When the attack succeeds, there won't be any balance to punish. However, since the attack doesn't succeed every time, then the punishment would further discourage the attack.

unheresy.com - Prodigiously Elucidating the Profoundly Obtuse | THIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
October 16, 2013, 05:12:33 AM
#92

Note there is some new discussion in the implementation thread for this proposed coin:

https://bitcointalk.org/index.php?topic=286536.msg3342106#msg3342106

Bitfreak!, aaaxn, bytemaster et al. have convinced me that the community can design better than I can alone. Although I independently realized most of the things they also realized, there are nuances and details which the group has hashed out better than one person could alone. Thus I would like to open the design to the community of my altcoin, if we can agree.

There is another thread:

https://bitcointalk.org/index.php?topic=215936.0

I would like to see if we can discuss now which additional features are desirable and the design of such features we agree on beyond what has already been agreed upon and designed for this proposed altcoin.

I do agree that we should not overly complicate the initial design. Yet I disagree that we should only do a proof-of-concept of only one feature improvement over Bitcoin, because the effort required really demands going all the way to marketing a new coin and hard forks are very difficult so we only get one chance to put the features that we want into the coin. We should choose very judiciously the features which are extremely important.

We will need to nail down whether the ideas presented by aaaxn on how to do scripting-like features (multisig, etc) have to be incorporated from launch or if they can be added later without requiring a hard fork.

I did two polls which you can find from the following post:

https://bitcointalk.org/index.php?topic=279340.msg3346774#msg3346774

Block chain scaling is the #2 most requested feature, yet anonymity is #1 by far.

So let me start by jumping into my current thoughts on anonymity.

First of all, I have just recently abandoned mixers entirely as an anonymity solution (which was a shocking, unexpected realization for me too):

https://bitcointalk.org/index.php?topic=279249.msg3343568#msg3343568

I quote below what I have written down thus far in a whitepaper I was composing.

Quote
Anonymity

All known existing solutions for anonymizing the IP address, e.g. Tor, I2P darknet, anoncoin, etc., are not secure against timing attacks.[13] Assuming that problem is solved, then a remaining problem is how to delink spends from other spends. Paradigms which mix coins from numerous identities only provide plausible deniability since the hashes of the addresses of all the input coins are in the public record, and the probability of deniability is reduced by the percentage of inputs provided by an attacker or participants who leak their identity to their outputs. Decentralized mixers are difficult to design to be resistant to DoS attackers, although Zerocoin might be a solution.[14] It is possible that some vendors might not accept coins that originated from mixers due to "know your customer" anti-money laundering concerns.[15] Thus the most robust solution is to obtain coins anonymously with small values. This can be done by mining coins, or anonymously receiving payment in coins. Unless the attacker has a list of all the customers, by giving a unique destination address to each customer then it is impossible to correlate that these coins belong to the same vendor. If coins can be anonymously converted into cash or mining hardware, they can be anonymized.

[13] https://bitcointalk.org/index.php?topic=279249.msg3109291#msg3109291
[14] https://bitcointalk.org/index.php?topic=279249.0
[15] https://bitcointalk.org/index.php?topic=175156.msg2318052#msg2318052

So it appears to me that in order to have anonymity of IP addresses, every peer on the network has to be forced to communicate via a mix-net otherwise those miners who anonymize their IP are at a disadvantage timing-wise and all peers who anonymize their IP are tainted by those who don't. And that mix-net can't be low-latency so that timing attacks can be prevented. And unlike Tor and more like I2P darknet, the number of hops must be more than 3 and all nodes must participate in the routing (not just dedicated nodes). Preventing DoS is an open issue.

Timing attacks are possible when nodes route anonymized (i.e. encrypted) onion layers in the order and near-time they receive them, thus making it possible to detect the flow not based on content, but based on the relative timing that packets are routed.

It seems to me that we will need to build this into the coin if we want any hope of strong (trustable) anonymity.

Note privacy and anonymity are not always inseparable. For example, if Satoshi spent all his coins today, we would know with high probability it is him (i.e. he lost his privacy), but we wouldn't necessarily know who he is (he didn't lose his anonymity). Yet spending that many coins without revealing identity is nearly impossible, thus often the two concepts are inseparable.

Society demands privacy, but it often frowns on anonymity, i.e. our bank doesn't tell the world our purchases of pornography (privacy), but the authorities have access to this data via warrant (not perfect anonymity).

Perhaps we can construct a sound argument that we don't have privacy at all without the anonymity of IP address. Can anyone help me with that logic?

P.S. note that mining on PCs could become realistic again with the mini-blockchain and a high DRAM requirement for the PoW which can't be defeated by GPUs (I have a rough sketch already).

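The timing issue described in the post above, as an added example that is not part of the original post or of any project discussed in the thread: a constructed simulation of one relay, comparing forwarding in arrival order with holding, shuffling and flushing batches. The function names, batch size, jitter and arrival process are all assumptions chosen for illustration.

```python
import random

def arrivals(n, rng, mean_gap=1.0):
    """Constructed arrival times (seconds) of n encrypted messages at one relay."""
    t, times = 0.0, []
    for _ in range(n):
        t += rng.expovariate(1.0 / mean_gap)
        times.append(t)
    return times

def fifo_relay(arrive, rng, jitter=0.05):
    """Low-latency relay: forwards each message in arrival order, almost at once."""
    return [(t + rng.uniform(0.0, jitter), msg) for msg, t in enumerate(arrive)]

def batch_relay(arrive, rng, batch=20):
    """Mix-style relay: holds `batch` messages, shuffles them, flushes them together."""
    out = []
    for start in range(0, len(arrive), batch):
        ids = list(range(start, min(start + batch, len(arrive))))
        flush = arrive[ids[-1]]  # the batch leaves when its last member has arrived
        rng.shuffle(ids)
        out.extend((flush + k * 1e-6, msg) for k, msg in enumerate(ids))
    return out

def linkage_rate(arrive, departures):
    """Share of messages linked correctly by a passive observer who sees only
    timing (never content) and pairs the k-th arrival with the k-th departure."""
    order = [msg for _, msg in sorted(departures)]
    return sum(1 for k, msg in enumerate(order) if msg == k) / len(arrive)

def mean_delay(arrive, departures):
    """Average time a message spends inside the relay."""
    return sum(t - arrive[msg] for t, msg in departures) / len(arrive)

def compare(n=400, seed=7):
    """Run both relay designs over the same constructed traffic."""
    rng = random.Random(seed)
    a = arrivals(n, rng)
    fifo, mixed = fifo_relay(a, rng), batch_relay(a, rng)
    return {
        "fifo": {"linked": linkage_rate(a, fifo), "delay": mean_delay(a, fifo)},
        "batch": {"linked": linkage_rate(a, mixed), "delay": mean_delay(a, mixed)},
    }

if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:5s} linked={stats['linked']:.2f} mean_delay={stats['delay']:.2f}s")
```

The batching relay cuts the share of correctly linked messages to roughly one in the batch size, and pays for it in delay, which is the latency cost the post says such a mix-net has to accept.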
AnonyMint
October 16, 2013, 06:19:37 AM
#93

Let's talk about debasement. It ends in Bitcoin 2033 and my deep understanding of money indicates that will doom Bitcoin long-term.

I want to try to educate and convince you that perpetual debasement is good and we really need it. This is a difficult shift in mindset for many people, because they've adopted some concepts which are not correct. I explained this more exhaustively but spread out across dozens of past posts and will have to go dig up all my prior points and condense at some point. I have studied this issue for several years, and I am somewhat mathematical. If you spend enough time on it and are rational, you will come to the same conclusion; it is not a subjective conclusion.

Let me take a stab now at summarizing although I am likely to miss some key points without a more exhaustive review of all my past posts on this issue.

1. The debasement of mined (above ground) gold never stops, i.e. it is roughly 1 - 3% per year throughout history.

2. Debasement funds mining, and mining is essential to a coin's PoW security. Transaction fees can also fund, but debasement consistently funds on every block.

3. The most reliable way to obtain coins anonymously is mining. Debasement provides it in small chunks and my realization on anonymity (see my prior post) is we need small chunks to delink spends. Transaction fees destroy the small chunks if they are too large, thus I would prefer they are scaled and set by the protocol.

4. I found data since the 1800s for the USA that showed that wages and money supply both increased nominally roughly 5.6% per year compounded. The point is that monetary inflation is not bad because it feeds back to workers. What is bad is when a central authority controls the timing and amount of debasement, because they can structure so that certain opaque (hidden) entities gain more. With a transparent (open and known a priori) protocol based schedule for debasement, no one can benefit in an opaque manner by manipulating the timing and rate.

5. Perpetual debasement continually diminishes the premine, and realistically you don't get dedicated serious developers without a premine. I know bytemaster's organization is attempting to profit without a premine, but before we can cite that as an exception they must prove it, and Litecoin isn't a significant deviation from Bitcoin.

6. Without debasement, capital has less incentive to invest, as it can gain value via deflation by being held unproductively. Note if everyone holds their capital unproductive, then deflation spirals into a dark age which is very difficult (as in an average of 600 years with several historic cases) to get out of, because those with capital invest in armies to protect their capital not in production, e.g. feudalism. This is why gold is never a sustainable money throughout history, because society fights against capitalists who want to hoard capital instead of risk investment in production. Without debasement, the value of your house can't go up, if wages don't go up, and the investor can't get return on his investment, nor can the interest rate for loans be paid. How can you pay an increase if there is not an increase in the money supply? I realize that capital from losers can end up with the winners, yet one issue is consistent winners aggregate too much capital and can't maintain growth without doing Olson capture[2] of the system (because smaller things grow faster, e.g. saplings grow to mature trees, but not to the moon or the guy selling cold mineral water on a hot day can double or triple his investment in a day, but Warren Buffett could never do that with his $billions in a day). And then note that it is impossible to eliminate the desire of humans to use debt, yet debt can't be serviced without debasement since the losers are always backstopped by insurance and thus society as a whole. So the huge-scale capitalists always move into usury finance to maintain portfolio value growth. If instead we take away that option with deflation, then they either defeat us or turn to protecting their capital into a dark age, because their size is too large to always win with investment. So we've got to issue money that is compatible with human nature, and thus there must be perpetual debasement. There is no panacea that can come from ending debasement.

[2] Eric S. Raymond, "Some Iron Laws of Political Economics", Armed and Dangerous blog

So pleeeeassssseeee throw away that "goldbug" nonsense. The economy can't be a constant. It has to have a business cycle wave function of expansion and contraction, because of the fact that nothing in this world is perfectly frictionless and inertia is required else we wouldn't exist. I suggest reading my blog to gain some insights on this on a more abstract level especially The Universe:

http://unheresy.com/

7. Absence of debasement steals from those who produce and gives to those who sit on their capital unproductively. The increased production along with deflation rewards the miser with increased goods and services for hoarding and not investing. Yet we shouldn't entirely diminish idle savings overnight, because of the lesson of saving during the 7 productive years to sustain during the 7 lean years (Biblical story that reflects the reality of the wave function of The Universe). So we need a balance between no debasement and infinite debasement. Gold appears to be a bit too low, as even the natural human population growth rate is probably more than 2% (at the peak of the western debt bubble birth rates have collapsed with 40 million abortions per year and contraception from age 15, but historically the long skirts come back, marriage comes back, and reproduction returns when the debt bubbles collapse):

http://armstrongeconomics.com/2013/10/01/what-socialism-destroyed-govt-shutdown/

Quote
What must be stated openly is that the New Deal of Roosevelt has actually destroyed the very fabric that formed society that nobody wants to look at no less discuss.

For centuries, people had children to provide for their own retirement. Family units were the social structure. The sad part of socialism is how this family unit was fundamentally destroyed by socialism. Once social security was created, children were relieved of the burden of taking care of their parents that became governments job. People were told to save conservatively. They salted away money often in government bonds. Now government has been so fiscally irresponsible, they have to keep interest rates low not to stimulate the economy, but to control their own perpetual deficits.

The retired can no longer live off of their savings. Their home has proven to be anything other than the savings for retirement as annual property taxes alone approach the cost of the house in the 1950s. Pensions are insolvent and taxes only rise perpetually. It now takes two incomes for a family to survive. The New Deal has failed on every level.


P.S. The following is wild conjecture (not scientific enough) and shouldn't be taken very seriously. 2033 is the target year for the current global financial crisis to bottom and a renewal to begin, i.e. it would correlate with roughly the 1950s and the end of the world wars (on the 78 year repeating crisis cycle that can be traced back throughout all of history, i.e. 3 x 26 reproductive maturity generations). Is it just a coincidence that Satoshi chose that year to end debasement? We will probably never know. I am not encouraging extended discussion on this speculative conjecture (the P.S.). I just wanted to note the (somewhat unscientific) correlation. Correlation is not always meaningful.

Here is a link to some conjecture about what may happen between now and 2033:

https://bitcointalk.org/index.php?topic=279771.msg3340053#msg3340053

AnonyMint
October 16, 2013, 07:54:05 AM
#94

Incomplete, rough draft of whitepaper I was composing...


Bitcoin Proof-of-work and Block Chain

In the seminal Bitcoin whitepaper[1] Satoshi somewhat obscured the essential weakness of financial institutions that they are captured by the asymmetrical vested interests of society described by Olson[2] which is to the detriment of individual empowerment. Ultimately it is the lack of anonymity of the institutions and transactions which allows society to identify them and thus the asymmetrical vested interests to capture them. Instead Satoshi emphasized transaction reversibility as the problem, but which is rather a sometimes desirable feature that is not necessarily incompatible with anonymity in all cases.

Financial transactions must be recorded in a public or private ledger trusted by both the spender and the recipient, otherwise funds could be unspent or double-spent to a plurality of recipients. To provide a ledger that can't be captured, Satoshi described a proof-of-work (PoW) scheme where transaction peers communicating over the network compete to be the first to solve a computational puzzle which is unique for each block of transactions added to a public ledger. The security of this ledger against double-spends has three (3) essential requirements.

1. The computational puzzle can't be preimaged, i.e. nothing can be known about solving the puzzle until the prior block's puzzle is solved.

2. Without at least 50% of the aggregate computational power of all transaction peers, it is not possible to create a modified chain of blocks starting from any present or past block, which would contain more blocks than the block chain controlled by the remaining cooperating peers. Thus the longer chain is trusted.

3. The block chain is cryptographically linked in forward order, such that the historical proof-of-work and transactions can be independently verified at any time in the future. Thus the transaction peers may leave and rejoin the network at will without need for a trusted centralized storage.

Note security point #1 eliminates from consideration PoW schemes in which the puzzle is some real-world computational work because the puzzles are known a priori and are thus pre-imageable. Non-PoW voting and membership schemes disqualify because the ordering of designation of authority (to decide which transactions are in each block) to transaction peers is pre-imageable, or requires peers trusted by reputation which is centralizing on a slippery slope towards Olson capture.

Bitcoin's blockchain stores sender(s) signed hashes of the transaction data, which includes the nonce transaction id and hash(es) of the destination public key(s). The monetary value of each hash of the public key is computed from the transactions history. Satoshi suggested pruning historical transactions from the blockchain which are no longer relevant to computation and security of the set of unspent coins (a.k.a. Unspent Transaction Output Set or UTXO).[3] Note hashes of destination public keys[4] obscure the asymmetric public key cryptography from attempted attacks until a spend transaction is sent from the public key. However, this is not sufficient to assure with the same confidence as for symmetric key cryptography that an attack can't occur once the spend transaction is sent.[5]

Mini-Block Chain

The pruned Merkle transaction tree is not the most compact data structure possible, because an additional hash must be stored for each branch of the tree to each unpruned transaction[3], sender signature(s) are stored for each unspent coin, and transactions can't be pruned until all outputs are spent.[6] Note these transaction peers resource requirements only apply to startup download bandwidth, startup verification DRAM, and ongoing disk space, because the UTXO balances and hashes of each unspent coin address can be kept ongoing in DRAM without the signatures.

However if the public key account balances are separately stored, then the signatures only need to be kept for N blocks, where N is high enough to guarantee with sufficient probability that the peer's current chain won't be orphaned by a competing fork that gains more than N blocks x difficulty to become the accepted chain. For example in Bitcoin miner coinbase transactions can't be spent for 100 blocks[7].

A separate "proof chain"[8] linked since the genesis block is necessary, otherwise an attacker could utilize unlimited time to construct a fake chain with more than N blocks x difficulty. Note each PoW puzzle solution difficulty (i.e. the number of zero bits in the block's hash) is independent of the transaction data in the block, thus constructing a fake proof chain requires the same historical resources as the legitimate proof chain. Including a hash of the account balances in the corresponding block links their veracity to the longest chain. If an attacker creates fake account balances that have a hash that agrees with some block, and is able to outpace the difficulty of the rest of the legitimate peers, it could erase preexisting and create new account balances.[9] Thus the 50+% attack would be more dangerous. However this can be mitigated to the same extent that Bitcoin does with community resources to store the entire block chain transaction history linked from the genesis block. These super peers with sufficient resources would be entrusted to detect and show the proof of a 50+% attack.

To help ensure that transaction signatures are not replayed, transaction inputs could be entirely spent to outputs which include a new address for the change. Signing a hash of the transaction which included a nonce (e.g. the transaction id in Bitcoin) would not be secure for the transaction peers which don't download the entire community transaction block chain history. Note the replay could still occur if the fully spent input address was ever sent a sufficient balance again. Signing a hash of the transaction which included the block id and allowed the transaction to appear once in any one of the M (where M <= N) blocks that followed, is probably a superior solution.

The transactions would not need to be stored in a Merkle tree since the only reason for doing so is to be able to verify remaining transactions against the block header after pruning and to support simplified payment verification[10] which is unnecessary because fully verifying peers would have optimized resource requirements. The data structure for the account balances has to meet certain requirements.[11]

The DRAM and download footprint would be dominated by the account balances data structure.[12] To eliminate the useless proliferation of public keys, the block chain would not accept transactions that create non-zero balances less than some quantity of coin (e.g. 0.01 BTC).

Since transaction sender signature size becomes an insignificant factor (except for the super peers), the relatively insecure ECDSA of Bitcoin can be replaced with Lamport signatures with extraordinarily long key lengths, e.g. 4096 bit.[5]

Anonymity

All known existing solutions for anonymizing the IP address, e.g. Tor, I2P darknet, anoncoin, etc., are not secure against timing attacks.[13] Assuming that problem is solved, then a remaining problem is how to delink spends from other spends. Paradigms which mix coins from numerous identities only provide plausible deniability since the hashes of the addresses of all the input coins are in the public record, and the probability of deniability is reduced by the percentage of inputs provided by an attacker or participants who leak their identity to their outputs. Decentralized mixers are difficult to design to be resistant to DoS attackers, although Zerocoin might be a solution.[14] It is possible that some vendors might not accept coins that originated from mixers due to "know your customer" anti-money laundering concerns.[15] Thus the most robust solution is to obtain coins anonymously with small values. This can be done by mining coins, or anonymously receiving payment in coins. Unless the attacker has a list of all the customers, by giving a unique destination address to each customer then it is impossible to correlate that these coins belong to the same vendor. If coins can be anonymously converted into cash or mining hardware, they can be anonymized.

1-Confirmation Transactions

To successfully double-spend or unspend, the theft transaction needs to be placed in a block that will become orphaned and the winning chain must be obscured from the merchant accepting the 1-confirmation transaction. There is no reliable way to accomplish this attack on every attempt without 50+% of the PoW resources. So for small ticket items where rare theft is tolerable, the merchant can accept 1-confirmation transactions. An improvement would be to punish any transaction which overdraws the sender's balance, by charging a percentage fine of the balance that is not given to anyone (don't want to reward miners for this beyond the transaction fee which must be less than the fine, since the attacker may be the miner). When the attack succeeds, there won't be any balance to punish. However, since the attack doesn't succeed every time, then the punishment would further discourage the attack.

[1] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 1. Introduction
[2] Eric S. Raymond, "Some Iron Laws of Political Economics", Armed and Dangerous blog
[3] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 7. Reclaiming Disk Space
[4] https://en.bitcoin.it/wiki/Protocol_specification#Addresses
[5] AnonyMint, "How is same signed transaction not reusable, also quantum security of ECDSA?", https://bitcointalk.org/index.php?topic=309594.0
[6] https://bitcointalk.org/index.php?topic=215936.msg2268831#msg2268831
[7] https://bitcointalk.org/index.php?topic=145666.msg1546809#msg1546809
[8] J.D. Bruce, "Mini-Blockchain Project wiki, Proof Chain", http://bitfreak.info/mbc-wiki/index.php?title=Proof_chain
[9] http://bitfreak.info/mbc-wiki/index.php?title=Weaknesses_and_attack_vectors#The_Secret_Chain_Attack
[10] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 8. Simplified Payment Verification
[11] J.D. Bruce, "Mini-Blockchain Project wiki, Account Tree Structure", http://bitfreak.info/mbc-wiki/index.php?title=Account_tree#Requirements_of_Account_Tree_Structure
[12] https://bitcointalk.org/index.php?topic=215936.msg2556839#msg2556839
[13] https://bitcointalk.org/index.php?topic=279249.msg3109291#msg3109291
[14] https://bitcointalk.org/index.php?topic=279249.0
[15] https://bitcointalk.org/index.php?topic=175156.msg2318052#msg2318052

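The replay rule proposed in the draft above (sign a hash that includes a block id, and allow the transaction once within the M blocks that follow, M <= N), sketched as an added example that is not code from the post or from the mini-blockchain project. The class and function names, the field layout of the signed digest, and the values N = 8 and M = 4 are assumptions; signature verification itself is taken as already done and is outside the sketch.

```python
import hashlib
from collections import OrderedDict

N_RETAINED = 8  # blocks of transactions a node keeps (N in the draft); constructed value
M_WINDOW = 4    # blocks after the anchor in which the tx may appear (M <= N)

def tx_digest(sender, recipient, amount, anchor_block_id):
    """Digest the sender signs; it commits to the anchor block id (assumed layout)."""
    msg = f"{sender}|{recipient}|{amount}|{anchor_block_id}".encode()
    return hashlib.sha256(msg).hexdigest()

class MiniChain:
    """Node that retains only the last N_RETAINED blocks: id -> (height, tx digests)."""

    def __init__(self):
        self.blocks = OrderedDict()
        self.height = 0
        self.add_block([])  # genesis

    def tip_id(self):
        return next(reversed(self.blocks))

    def add_block(self, digests):
        self.height += 1
        prev = self.tip_id() if self.blocks else "none"
        raw = f"{prev}|{self.height}|{sorted(digests)}".encode()
        block_id = hashlib.sha256(raw).hexdigest()[:16]
        self.blocks[block_id] = (self.height, set(digests))
        while len(self.blocks) > N_RETAINED:
            self.blocks.popitem(last=False)  # trim the oldest block
        return block_id

    def check(self, sender, recipient, amount, anchor_block_id):
        """Decide whether the tx may go into the next block; returns a reason string."""
        if anchor_block_id not in self.blocks:
            # Either a made-up id or a block already trimmed. Because M <= N,
            # a trimmed anchor always means the window has closed as well.
            return "anchor unknown or trimmed"
        anchor_height = self.blocks[anchor_block_id][0]
        if (self.height + 1) - anchor_height > M_WINDOW:
            return "window expired"
        digest = tx_digest(sender, recipient, amount, anchor_block_id)
        # Every block after the anchor is still retained here, so this scan
        # sees every place the same signed digest could already have appeared.
        for height, seen in self.blocks.values():
            if height > anchor_height and digest in seen:
                return "replay"
        return "ok"

def demo():
    """Constructed scenario: first use, immediate replay, late replay, very late replay."""
    chain = MiniChain()
    tx = ("alice", "bob", 5, chain.tip_id())
    results = [chain.check(*tx)]
    chain.add_block([tx_digest(*tx)])
    results.append(chain.check(*tx))
    for _ in range(M_WINDOW):
        chain.add_block([])
    results.append(chain.check(*tx))
    for _ in range(N_RETAINED):
        chain.add_block([])  # the block that held the tx is now trimmed
    results.append(chain.check(*tx))
    return results

if __name__ == "__main__":
    print(demo())
```

The last case is the one the draft's nonce variant leaves open: the block that recorded the spend has been trimmed, yet the old signed transaction is still rejected because its anchor is no longer within the window.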
Etlase2
October 16, 2013, 08:24:25 AM
#95

Any scheme providing a private and public key is asymmetric cryptography. Note the use of two keys.

Quote
Signing a hash of the transaction which included a nonce (e.g. the transaction id in Bitcoin)

You still misunderstand bitcoin transactions.

Quote
The transactions would not need to be stored in a Merkle tree since the only reason for doing so is to be able to verify remaining transactions against the block header after pruning and to support simplified payment verification[10] which is unnecessary because fully verifying peers would have optimized resource requirements.

Your argument assumes that all peers will be fully verifying just because it is easier than bitcoin. It is still not easy.

Quote
Since transaction sender signature size becomes an insignificant factor (except for the super peers), the relatively insecure ECDSA of Bitcoin can be replaced with Lamport signatures with extraordinarily long key lengths, e.g. 4096 bit.

And bandwidth constraints are completely disacknowledged for the cherry on top. Replace storage unscalability with bandwidth unscalability and pretend no one notices? Right.

bitfreak!
October 16, 2013, 08:29:26 AM
#96

Quote
1. The debasement of mined (above ground) gold never stops, i.e. it is roughly 1 - 3% per year throughout history.

It will eventually stop though, there is only so much gold in the Earth. Personally I don't think perpetual debasement is a desirable thing but this is really a debate for another thread. Like I've said many times, I want to avoid any controversial changes, and perpetual debasement is certainly one of the most controversial changes possible.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
AnonyMint
October 16, 2013, 08:55:25 AM
#97

Quote
Any scheme providing a private and public key is asymmetric cryptography. Note the use of two keys.

Yes. What are you replying to? Are you thinking of where I wrote in another thread that Bruce Schneier recommends using symmetric key whenever possible, and I am mentioning Lamport signatures in that context because even though they are asymmetric, my understanding is they avoid the factoring math that drives Bruce's concern about public-key cryptography.

Quote
Signing a hash of the transaction which included a nonce (e.g. the transaction id in Bitcoin)

You still misunderstand bitcoin transactions.

I am simplifying the generative essence for the conceptual purpose of the context, not describing exactly the Bitcoin protocol in great detail (as that would obfuscate the point I am making for the new protocol).

Quote
The transactions would not need to be stored in a Merkle tree since the only reason for doing so is to be able to verify remaining transactions against the block header after pruning and to support simplified payment verification[10] which is unnecessary because fully verifying peers would have optimized resource requirements.

Your argument assumes that all peers will be fully verifying just because it is easier than bitcoin. It is still not easy.

Let's talk specifics.

Quote
Since transaction sender signature size becomes an insignificant factor (except for the super peers), the relatively insecure ECDSA of Bitcoin can be replaced with Lamport signatures with extraordinarily long key lengths, e.g. 4096 bit.

And bandwidth constraints are completely disacknowledged for the cherry on top. Replace storage unscalability with bandwidth unscalability and pretend no one notices? Right.

We only keep N blocks of signatures so what is your point? The super peers (which keep all history) are super ;)

Etlase2
October 16, 2013, 08:57:44 AM
#98

Quote
We only keep N blocks of signatures so what is your point? The super peers (which keep all history) are super ;)

Sounds like centralization to me.

AnonyMint
October 16, 2013, 09:03:14 AM
#99

Quote
We only keep N blocks of signatures so what is your point? The super peers (which keep all history) are super ;)

Quote
Sounds like centralization to me.

Then you are arguing against the Mini-blockchain design, and also against Bitcoin's design. And we know you hate PoW and the Bitcoin blockchain. But that is what we are implementing.

Yes it is centralization but it enables decentralization of most of the peers and we only need to trust the super peers when there is a 50+% attack. And we assume they will be watched by the community. We don't trust them on real-time matters where they can sneak it past us.

If PoS is better at reducing risks from centralization, then one can argue that. I think the designers of this have stated they want to go with PoW for now. The PoS version would be another thread I assume?

Etlase2
October 16, 2013, 09:05:47 AM

Powerful argumentation, as always.

AnonyMint
October 16, 2013, 09:19:18 AM

Quote
Powerful argumentation, as always.

I added a nod to PoS, because I am not omniscient. Let others try to show it is less centralizing if they can. But perhaps not in this thread?

bitfreak!
October 16, 2013, 10:00:59 AM

Quote
Then you are arguing against the Mini-blockchain design, and also against Bitcoin's design.

What is centralized about Bitcoin or the mini-blockchain design? The mini-blockchain design is sort of centralized in the sense that new nodes can rely on older nodes who have stored a lot of history, but there is no absolute requirement for any node to store anything more than the few days of history that the mini-blockchain requires and there are ways for the network to defend itself against attacks even if none of the nodes choose to store long term history.

AnonyMint
October 16, 2013, 10:31:17 AM

Quote
Then you are arguing against the Mini-blockchain design, and also against Bitcoin's design.

Quote
What is centralized about Bitcoin or the mini-blockchain design? The mini-blockchain design is sort of centralized in the sense that new nodes can rely on older nodes who have stored a lot of history, but there is no absolute requirement for any node to store anything more than the few days of history that the mini-blockchain requires and there are ways for the network to defend itself against attacks even if none of the nodes choose to store long term history.

I am not sure if you were addressing this to me or Etlase2. You quoted me so I will reply.

Isn't the applicable discussion the specifics of 50+% attack and how we resolve it?

http://bitfreak.info/mbc-wiki/index.php?title=Weaknesses_and_attack_vectors#The_Secret_Chain_Attack

I need to do some more thinking about the proposals for resolving it. In any case, lightweight peers are relying on "super" peers which have been online longer or otherwise have more history saved. Ditto for Bitcoin.

AnonyMint
October 16, 2013, 11:35:35 AM

I want to be very careful how I word my reply to this (which is why I didn't reply immediately because I am often not as careful in my forum posts as I am with programming code), because I really want to convince you to be as objective as possible without being condescending or otherwise using force. My goal should be to try to explain to you what I think is objective and why. Also to try to catch myself where I am not balancing objectivity of money against objectivity of realities of attaining consensus. And let's see where it takes us.

My long-winded way of saying let's both take a deep breath and try our best to discuss this objectively.

1. The debasement of mined (above ground) gold never stops, i.e. it is roughly 1 - 3% per year throughout history.
It will eventually stop though, there is only so much gold in the Earth.

Can I be very matter-of-fact without sounding like a jerk or unfriendly?

Richard Branson is already talking about mining asteroids. Malthusians have always been wrong since the dawn of civilization. I explained why in this blog:

http://unheresy.com/Information%20Is%20Alive.html#2nd_Law_of_Thermo

Do you remember the peak oil lunatics (apologies to any who haven't read the latest news)? We are now finding more oil and natural gas than we can consume in Australia and other places. Cars already run on natural gas (Honda has one for sale in the USA). When I was ridiculing them years ago, I did it by showing the entire world uses as much oil as would be produced by a medium size river flowing in oil. It is insane to think we are anywhere near tapping out the resources on earth. People will believe anything they read in the mass media even when it is complete nonsense from any scientific calculation.

Even if that was a true statement, it is objectively irrelevant because gold mining will continue on earth until long after we are dead.

And so if the point was to say Bitcoin won't be stricter than gold, it is objectively false.

Personally I don't think perpetual debasement is a desirable thing but this is really a debate for another thread.

But inherent in your subjectivity is that you deeply believe it is better to have a strictly limited money supply. And this sort of belief is irrational but it seems very difficult to get believers to study it objectively. Note I used to think the way you do back in 2006, just drill down the link in the following quote and you will find my writings promoting silver and gold (luckily I wised up and never sent that email to Cool Page users):


Thus having suffered from that delusion  Embarrassed  Lips sealed  Cry (and lost a lot of money and time away from programming too!) and now having emerged from it and seen the rational truth, I don't want to go backwards. I'd rather try to educate others, or let them explain to me why my logic is not objective (then I could go backwards, but they won't be able to, because I've thought about this for years).

I still own silver, but this is because I expect a wipeout and reset of the global financial system, not because I expect a strict monetary system to ever have any practical use. It has never been the case throughout all of history that there has existed a strict money. Never! Some people try to cite the 1800s in the USA, but they forget the private banks were printing fractional reserve gold receipts, because society can't run without debasement. Either you get it officially or you get it by cheating and bank runs every few years as we had in the tumultuous 1800s which is why we eventually ended up with a central bank system. Others cite Byzantine Empire of Eastern Rome but they don't realize that gold was being imported continuously, thus the money supply was always expanding. As that reversed, the empire collapsed.

If we do a coin where debasement ends, then it will not live long.

Like I've said many times, I want to avoid any controversial changes, and perpetual debasement is certainly one of the most controversial changes possible.

We can surely create two coins, one with and one without. That is like a one line change in the source code.

Moldbug's point is that there can only be one blockchain that wins. This is the nature of money.

We have very low chance of winning against Bitcoin (you underestimated how many developers would want to develop this and you are underestimating how much power the mini-blockchain has by itself against Bitcoin, because first-to-market is nearly everything in cases where there can only be one, e.g. MS Windoze). We will need to be different to have any chance.

And not just a little bit different. We need to be different in every critical way.

And this is critical not just because of the monetary theory and PROVEN HISTORY, but also because we need debasement to make certain things work correctly as we are discussing in the other thread for the implementation.

A few percent per year debasement isn't going to hurt any savers in the coin as it is exploding in value 1000%, and it bringing more into mining economy means the coin has more users and thus will grow adoption faster.

bitfreak!
October 16, 2013, 11:46:25 AM

Isn't the applicable discussion the specifics of 50+% attack and how we resolve it?
Like I said, it is helpful in resolving a secret chain attack (which is different to a 51% attack) but not absolutely necessary. In the worst case scenario (where new nodes are unable to find any old node with a sufficient amount of history) the client will simply refuse to participate in the network until the conflict is resolved or until it receives an updated checkpoint from the user which points to the correct chain. In this way we exclude any possibility of the attacker tricking and "recruiting" new nodes, vastly lowering the chances that it could ever succeed in overwhelming the rest of the network.

bitfreak!
October 16, 2013, 11:56:47 AM

Richard Branson is already talking about mining asteroids. Malthusians have always been wrong since the dawn of civilization. I explained why in this blog:
While I don't want to get into a debate about monetary policies, I want to post a link to this article I wrote because it explains exactly why I think the way I think when it comes to economics: True Money. But I also want to point out that there is a limit to how much gold can be mined from other planets or asteroids, and that is because if we increase the mass of the Earth too much it will cause our orbit to become unstable. The people who inevitably always prove to be wrong are the ones who believe in perpetual anything. Everything has its limits and if you don't respect those natural limits the whole thing will come crashing down.

Quote
Even if that was a true statement, it is objectively irrelevant because gold mining will continue on earth until long after we are dead.
Yeah well the last of the bitcoins probably won't be mined until after we are dead so I don't quite see your point.

AnonyMint
October 16, 2013, 12:17:59 PM

Richard Branson is already talking about mining asteroids. Malthusians have always been wrong since the dawn of civilization. I explained why in this blog:
While I don't want to get into a debate about monetary policies, I want to post a link to this article I wrote because it explains exactly why I think the way I think when it comes to economics: True Money.

From your link:

Quote
As we can see, the single most important property of any currency is the ability of the currency to hold value over time

That statement has never been true even once in the history of the world.

Every single currency has died. The evidently most important property of a currency is that society can debase it.

I believe in science, which means we must measure our theories against measured reality.

Where has your reality ever existed in the history of the world since Mesopotamia? Can you give me even one example where that statement has been true? If your basis statement is false, then what do you have objectively remaining?

Any way, you take the coin with no debasement and I will take the coin with it, and let's see what the market chooses.

As I said, it is only a small change in the source code.

So no problem? But will you FEEL you don't want me to be involved because you know I will create a version with small, perpetual debasement? Subjectivity stinks. Much better when everyone involved is rational, so emotions don't mess us up.

Also two coins dilutes our energies somewhat doesn't it.

But I also want to point out that there is a limit to how much gold can be mined from other planets or asteroids, and that is because if we increase the mass of the Earth too much it will cause our orbit to become unstable.

Scientifically false.

6,000,000,000,000,000,000,000 tonnes versus
170,000 tonnes.

The people who inevitably always prove to be wrong are the ones who believe in perpetual anything. Everything has its limits and if you don't respect those natural limits the whole thing will come crashing down.

Calculations are more important than irrational beliefs.

Some things run in effect perpetually, at least on our relevant timescale.

Quote
Even if that was a true statement, it is objectively irrelevant because gold mining will continue on earth until long after we are dead.

Yeah well the last of the bitcoins probably won't be mined until after we are dead so I don't quite see your point.

I will be 68 in 2033. The rate of debasement will be minuscule a decade before that.

The point is you were implying gold would one day stop debasing, yet that couldn't possibly be in the next 1000 years, so Bitcoin ending in 2033 is much stricter than gold. And even gold has never been a currency without being debased.

AnonyMint
October 16, 2013, 12:32:31 PM

What will happen as it does after every debt crisis and reset is interest rates will be skyhigh.

So investors will want to buy bonds. But Bitcoin won't be able to back bonds, because it doesn't debase. So fractional reserves will be built on top of Bitcoin or more likely it will be forsaken (cartels will likely control it by then, we can see it already headed that way now) and the new digital fiat currencies will be preferred by investors.

Actually it doesn't really matter. If we end the debasement just to appease goldbugs (assuming that is the main audience now), then who cares when we end up with the NWO digital fiat currency. Wink

Just make our money now and we will be old then any way. Maybe I can consider to hold my nose and just nevermind what is long-term correct.

Are we sure we want to be exactly the same as Bitcoin? The survey says there is a market for perpetual debasement. We will give that market away while reducing our differences from Bitcoin. Wise?

AnonyMint
October 16, 2013, 01:00:24 PM

Remember that coins are perpetually lost (ditto in Bitcoin) so without creating new coins forever, the system will eventually have 0 coins.

While I don't want to get into a debate about monetary policies

Okay then how about we look at this from the objectivity of making the coin work correctly?

One potential attack vector is that as debasement ends, then miners must depend on transaction fees. But a cartel could offer to process transactions for 0 tx fees (or even negative tx fees...by sending a refund tx), thus bankrupting the other miners (users would see they can send 0 tx fee txs), thus allowing them to own the coin. This is another reason I think we should set tx fees with the protocol (see my other reason upthread). Setting a tx fee could replace debasement, but it is not consistently the same for each block and cartels might not relay all transactions (and they might be able to siphon them to them with their marketing, e.g. Amazon offering a Bitcoin client). So potentially independent miners could still be driven bankrupt. This was debated exhaustively in my Bitcoin : The Digital Kill Switch thread, and no one was able to refute it.

Without debasement, there is no way to get non-tainted virgin coins (every coin will have a history possibly all passing through illegal activity at some point). Taint is a real-world issue:

http://www.nestmann.com/civil-forfeiture-of-cash-it-could-happen-to-you

Quote
Proving that your cash is connected to a crime is surprisingly easy to demonstrate. That's because 97% or more of cash circulating today contains tiny concentrations of narcotics residues, primarily cocaine. All police need to do is to bring in a drug-sniffing dog to inspect the cash. If the dog alerts, police seize the cash. And, under civil forfeiture rules, it's up to you to prove that the cash has a legitimate origin.

Consider the case of Emiliano Gomez Gonzolez. During a traffic stop, Nebraska state troopers asked Gonzolez for permission to search his vehicle. During the search, the troopers found bundles of currency totaling $124,700. Based on a dog sniff, police seized all the money.

Gonzolez contested the forfeiture in court. Prosecutors neither convicted nor accused Gomez or any of the other owners of the seized cash of any crime. Nor did police find any drugs, drug paraphernalia, or drug records connected to the cash. Despite these facts, a federal appeals court upheld the confiscation of every dollar found in the vehicle.

With a cartel above, then no way to get coins anonymously from mining any more.

So what is wrong with a 3 or 5% per year debasement?

What you really want to avoid is the following, i.e. 50 - 100% per year:

http://armstrongeconomics.com/2013/10/16/fed-balance-sheet-lack-of-oversight/


AnonyMint
October 16, 2013, 01:32:16 PM

Readers please make your opinions known by at least voting on the polls at following links:

Features:
https://bitcointalk.org/index.php?topic=279340.0

Rate of debasement:
https://bitcointalk.org/index.php?topic=311668.0

klee
October 16, 2013, 03:15:58 PM

AnonyMint try to make a thorium coin instead of a gold or silver one (Bitcoin/Litecoin).
Probably it would do the trick (debasement, scarcity etc).

Just my out of the box thought..
AnonyMint
October 16, 2013, 03:19:37 PM

Isn't the applicable discussion the specifics of 50+% attack and how we resolve it?
Like I said, it is helpful in resolving a secret chain attack (which is different to a 51% attack) but not absolutely necessary. In the worst case scenario (where new nodes are unable to find any old node with a sufficient amount of history) the client will simply refuse to participate in the network until the conflict is resolved or until it receives an updated checkpoint from the user which points to the correct chain. In this way we exclude any possibility of the attacker tricking and "recruiting" new nodes, vastly lowering the chances that it could ever succeed in overwhelming the rest of the network.

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.

If I am not mistaken this secret chain attack is still a 50+% attack, because the attacker must be able to generate new PoW solutions (at same or greater difficulty) faster than the cooperating, honest peers.

The centralizing aspect is we depend on those super nodes (peers) to provide the historical evidence to help resolve the attack, or we wait for checkpoint to come from community. Both are not perfectly decentralized methods of resolution, but I don't think this presents a major problem, as I argued to Etlase2.  As far as I can see, Bitcoin has the analogous centralized resolution to a 50+% attack, because light clients can't resolve these issues without trusting the full nodes. Bitcoin must trust the full nodes for mining, verifying transactions, etc, so it is much more centralizing in real-time in normal scenarios. Thus conceptually the mini-blockchain is superior (we have to prove it in real world though).

P.S. my argumentative style is intended to make sure the effort succeeds in the market place. I am not disrespecting you. I appreciate of course what you have designed.

bitfreak!
October 16, 2013, 03:35:12 PM

Every single currency has died. The evidently most important property of a currency is that society can debase it.

I believe in science, which means we must measure our theories against measured reality.
Every single unlimited fiat currency in history has died, so your science isn't exactly based on an unbiased set of observations. The simple fact is that most people who believe in Bitcoin-type technology also believe in Austrian principles. If you want to put so much stock into surveys then you must accept the fact that most of us prefer a limited money supply.

Quote
Any way, you take the coin with no debasement and I will take the coin with it, and let's see what the market chooses.
That's like asking me and other members of this forum whether we would prefer Bitcoin or Federal Reserve notes. The answer is plainly obvious.

Quote
6,000,000,000,000,000,000,000 tonnes versus
170,000 tonnes.
What is that even supposed to mean? How can you deny the fact that the mass of the Earth can only be increased to a certain degree?

Quote
I will be 68 in 2033. The rate of debasement will be minuscule a decade before that.
The last Bitcoin block will be mined in 2140.

Quote
The last block that will generate coins will be block #6,929,999 which should be generated at or near the year 2140

https://en.bitcoin.it/wiki/FAQ

Quote
The survey says there is a market for perpetual debasement.
The survey says people want anonymity, not perpetual debasement. I think they have experienced enough of that as it is.

Quote
One potential attack vector is that as debasement ends, then miners must depend on transaction fees.
That is the point of re-mining lost coins, it ensures that miners will always have something to mine other than transaction fees and also ensures that the money supply will remain stable, instead of increasing or decreasing perpetually, which I personally think is the most logical and rational option.

bitfreak!
October 16, 2013, 04:10:39 PM

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.
That is true, yes.

If I am not mistaken this secret chain attack is still a 50+% attack, because the attacker must be able to generate new PoW solutions (at same or greater difficulty) faster than the cooperating, honest peers.
It's very similar to a 50+% attack but a little bit different because it can only be pulled off by generating the fake chain in secret. A 50+% attack is not as drastic, it would only allow the attacker to alter recent transactions, and the older a block was, the harder it would be to alter. Pretty much like a 50+% attack with Bitcoin, which has yet to happen btw. But the main point is that historic "super nodes" are not absolutely necessary, even without any such super nodes there is still a very minute chance that a secret chain attack could be pulled off successfully if the attacker is unable to recruit new nodes.

P.S. my argumentative style is intended to make sure the effort succeeds in the market place. I am not disrespecting you. I appreciate of course what you have designed.
No need to worry, I am a very thick skinned person and I can appreciate a bit of healthy criticism and debate. Life would be boring if we all agreed with each other. I can also respect your desire for increased anonymity, I'm just saying that it's a very complicated thing to do and perhaps best left to future efforts. I just really want to see some of these concepts implemented and if we wait around trying to develop the perfect system we might not ever get anything done.

AnonyMint
October 16, 2013, 04:19:29 PM

Every single currency has died. The evidently most important property of a currency is that society can debase it.

I believe in science, which means we must measure our theories against measured reality.
Every single unlimited fiat currency in history has died, so your science isn't exactly based on an unbiased set of observations.

Every single currency has died, including gold currencies. We had gold currency in the 1800s. We don't now.

In fact, everything in the universe dies, and other things are born. This is the process of LIFE.

The simple fact is that most people who believe in Bitcoin-type technology also believe in Austrian principles.

What you believe has no relevance in science. In science we trust what we measure. Making things up out of thin air is for fairy tales.

Mises's crack up boom is occurring now, so I am not saying all Austrian economics is out-of-touch with reality. I am saying you are misinterpreting it. It never said money supplies must be constant. Mises wasn't into telling fairy tales.

http://en.wikipedia.org/wiki/Austrian_School#Inflation

Quote
He therefore used the term "inflation" to mean an excessive increase of the money supply

You are throwing the baby (normalcy) out with the bath water (Federal Reserve control) and you end up with a worse Frankenstein dark age or society kills the coin.

If you want to put so much stock into surveys then you must accept the fact that most of us prefer a limited money supply.

The two surveys say that "create coins forever" is popular and 5% is the most popular rate thus far in the poll.

I am pleasantly surprised to see the members here are astute about this issue.

Quote
Any way, you take the coin with no debasement and I will take the coin with it, and let's see what the market chooses.

That's like asking me and other members of this forum whether we would prefer Bitcoin or Federal Reserve notes. The answer is plainly obvious.

Apparently not. See the graph of the 50 - 100% increases lately from Fed. Apparently people here are reasonable and understand that we need to prevent cartels, and a small rate is normal and natural. We prevent it from rising to 50% because there is no Fed to control it.

It would be much better to protect that with a natural rate, than to lose it because we are selfish deflationists who want to steal from producers by sitting on idle savings for 600 years and create dark ages.

Quote
6,000,000,000,000,000,000,000 tonnes versus
170,000 tonnes.

What is that even supposed to mean? How can you deny the fact that the mass of the Earth can only be increased to a certain degree?

You must compare the relative mass of the earth to the total supply of gold to see that your fear is unfounded. As in several orders-of-magnitude beyond impossible. If you were a scientist, you would be ashamed of making that assertion, but I am not trying to embarrass you because I know you are not a scientist. You are just trying to help create a better coin and I appreciate that. I hope you will respect those who are more mathematical and knowledgeable than you are and try to learn rather than irrationally resist. That is not to say that I won't learn from you too. I already did from your excellent design of the mini-blockchain.

Quote
I will be 68 in 2033. The rate of debasement will be minuscule a decade before that.
The last Bitcoin block will be mined in 2140.

Quote
The last block that will generate coins will be block #6,929,999 which should be generated at or near the year 2140

https://en.bitcoin.it/wiki/FAQ

I had made a rough table of the planned Bitcoin debasement in the past. Let me reconstruct it, since I can't find it quickly.


2009 - 2012 0  10,500,000
2013 - 2016 5,250,000 15,750,000 11%
2017 - 2020 2,625,000 18,375,000 4%
2021 - 2024 1,312,500 19,687,500 1.7%
2025 - 2028   656,250 20,343,750 0.8%
2029 - 2032   328,125 20,671,875 0.4%
2033 - 2036   164,065 20,835,940 0.2%
2037 - 2040    82,033 20,917,973 0.1%


As of 2033, there isn't much debasement. Even a decade before that it has dropped below 1%. So my original statement was correct.

Bitcoin stops working for obtaining anonymous coins from mining, right when we will really need it as the world goes into the SHTF mode and capital controls will be everywhere. That is highly suspicious to me.

Quote
The survey says there is a market for perpetual debasement.

The survey says people want anonymity, not perpetual debasement. I think they have experienced enough of that as it is.

See the surveys I mentioned above.

Quote
One potential attack vector is that as debasement ends, then miners must depend on transaction fees.

That is the point of re-mining lost coins, it ensures that miners will always have something to mine other than transaction fees and also ensures that the money supply will remain stable, instead of increasing or decreasing perpetually, which I personally think is the most logical and rational option.

I added that as a write-in option to the poll.

Yet that is only minuscule. The lost coins only gradually take the money supply towards 0 over decades. It can't substitute for a reasonable level of debasement.

Thus you have not addressed my point that cartels can take over mining otherwise.

Come-from-Beyond
October 16, 2013, 04:37:43 PM

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.
That is true, yes.

To be very pedantic, u can do the attack even with 42%. Depends on luck. Smiley
AnonyMint
October 16, 2013, 04:56:51 PM

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.
That is true, yes.

To be very pedantic, u can do the attack even with 42%. Depends on luck. Smiley

Smiley And the probability becomes astronomically unlikely to sustain that for 6 blocks with less than 50%, based on the random walk calculation in Satoshi's whitepaper. I know you knew that. Smiley

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
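
The random-walk calculation from section 11 of the Bitcoin whitepaper, which the exchange above refers to, written out as an added example (it is not code from any poster or from the mini-blockchain project). The function names are this example's own, and the 0.1% threshold follows the whitepaper's own table.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the total hash
    power ever catches up after starting z blocks behind the honest chain.

    Follows the whitepaper's model: the attacker's progress while the honest
    chain adds z blocks is Poisson with mean z*q/p, and from a deficit of d
    blocks the gambler's-ruin catch-up probability is (q/p)**d.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction between 0 and 1")
    if z < 0:
        raise ValueError("z must be a non-negative block count")
    if q >= 0.5 or z == 0:
        return 1.0  # a majority always catches up; zero deficit is already level
    if q == 0.0:
        return 0.0

    p = 1.0 - q
    ratio = q / p
    lam = z * ratio
    log_lam = math.log(lam)

    total = 1.0
    for k in range(z + 1):
        # Poisson term computed in log space so exp(-lam) cannot underflow
        # to zero for large z with q close to 0.5.
        poisson = math.exp(-lam + k * log_lam - math.lgamma(k + 1))
        total -= poisson * (1.0 - ratio ** (z - k))
    return min(max(total, 0.0), 1.0)


def confirmations_needed(q: float, threshold: float = 0.001, z_max: int = 5000):
    """Smallest z for which the catch-up probability drops below threshold.

    Returns None when no depth up to z_max is enough (always the case for
    q >= 0.5).
    """
    if q >= 0.5:
        return None
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) < threshold:
            return z
    return None


if __name__ == "__main__":
    print(" q     P(catch up | z=6)   z for P < 0.1%")
    for q in (0.10, 0.30, 0.42, 0.45, 0.50):
        prob = attacker_success_probability(q, 6)
        depth = confirmations_needed(q)
        print(f"{q:4.2f}   {prob:17.7f}   {depth}")
```

Under this model an attacker share of 0.42 starting 6 blocks behind still catches up with probability of about 0.6, so the depth a receiving node waits for has to scale with the hash-power share it wants to be safe against.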
bitfreak!
October 16, 2013, 05:21:49 PM

Every single currency has died, including gold currencies. We had gold currency in the 1800s. We don't now.
That is somewhat true, but I would argue that gold is still used as a currency in some places even to this day and the only reason we got rid of the gold standard in the past was to replace it with a fiat system, not necessarily because a gold standard wasn't working.

Quote
He therefore used the term "inflation" to mean an excessive increase of the money supply
Even if you are correct it's still an impossibly difficult task to algorithmically implement the correct level of debasement over long periods of time. The only logical reason for perpetual debasement is to keep the value of the coins stable, but it is extremely difficult to achieve this because the value of the coin isn't just a function of the total money supply.

Quote
It would be much better to protect that with a natural rate, than to lose it because we are selfish deflationists who want to steal from producers by sitting on idle savings for 600 years and create dark ages.
I would like to know who has 600 years to sit on idle savings for a start. There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency. What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

Quote
You must compare the relative mass of the earth to the total supply of gold to see that your fear is unfounded. As in several orders-of-magnitude beyond impossible.
Just because the limit is large doesn't change the fact there is a limit. Plus if you calculate the cost of recovering gold even from the nearest planet in our solar system, it works out that the cost of the transportation is more than the value of the gold.

Quote
As of 2033, there isn't much debasement. Even a decade before that it has dropped below 1%. So my original statement was correct.
Yes, but by 2033 when it becomes extremely hard to mine even small amounts of bitcoin, the value of each bitcoin will be much higher. The creation of new bitcoins drops off exponentially for a reason, Satoshi wasn't an idiot. He designed it that way for a reason and it seems to be working well thus far.

Quote
Yet that is only minuscule. The lost coins only gradually take the money supply towards 0 over decades. It can't substitute for a reasonable level of debasement.
The whole concept of a "reasonable level of debasement" is completely subjective in the first place, thus impossible to implement algorithmically in a fair and consistent manner. Being able to re-mine lost coins doesn't offer any level of debasement, it simply ensures that the money supply won't get perpetually smaller and cause perpetual inflation in that way. If the value of the coin goes up it will be purely due to an increase in demand and other natural economic forces.

AnonyMint
October 16, 2013, 05:39:45 PM

If I am not mistaken this secret chain attack is still a 50+% attack, because the attacker must be able to generate new PoW solutions (at same or greater difficulty) faster than the cooperating, honest peers.

It's very similar to a 50+% attack but a little bit different because it can only be pulled off by generating the fake chain in secret. A 50+% attack is not as drastic, it would only allow the attacker to alter recent transactions, and the older a block was, the harder it would be to alter. Pretty much like a 50+% attack with Bitcoin, which has yet to happen btw.

You are equating "50+% attack" with what it means in Bitcoin. The secret chain attack doesn't exist in Bitcoin. Whereas I am saying any attack that requires possessing 50+% of the PoW resources, is a 50+% attack. The secret chain attack requires being able to outpace the creation of PoW solutions, thus it is a 50+% attack.

But the main point is that historic "super nodes" are not absolutely necessary, even without any such super nodes there is still a very minute chance that a secret chain attack could be pulled off successfully if the attacker is unable to recruit new nodes.

I am thinking it depends how far back in the history the attacker can go, i.e. what percent of the PoW difficulty they have.

If the nodes online only have a year of transaction history, but the attacker can go back further and create transaction history that matches the proof chain, then we need evidence from before that to decide which is the valid chain. You might want to add this to the wiki if I am correct.

P.S. my argumentative style is intended to make sure the effort succeeds in the market place. I am not disrespecting you. I appreciate of course what you have designed.

No need to worry, I am a very thick skinned person and I can appreciate a bit of healthy criticism and debate. Life would be boring if we all agreed with each other. I can also respect your desire for increased anonymity, I'm just saying that it's a very complicated thing to do and perhaps best left to future efforts. I just really want to see some of these concepts implemented and if we wait around trying to develop the perfect system we might not ever get anything done.

I am also concerned about time-to-implement, and I won't take on something I can't implement in reasonable time. If I am correct that we can't add the mix-net later (as we discussed in the implementation thread), then what choice do we have but to implement now?

If I could convince you to argue for a 3 - 5% debasement, I would gain an important ally. And it would show that it is possible to convince goldbugs. And you would know what point actually made it click in your mind.

Hope you saw this, I added it after posting:

Quote
He therefore used the term "inflation" to mean an excessive increase of the money supply

You are throwing the baby (normalcy) out with the bath water (Federal Reserve control) and you end up with a worse Frankenstein dark age or society kills the coin.

unheresy.com - Prodigiously Elucidating the Profoundly Obtuse
THIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint
Hero Member
Activity: 518
Merit: 500
October 16, 2013, 06:23:14 PM

You still haven't addressed how to stop cartelization of mining if you remove debasement?

You want a cartelized coin?

Every single currency has died, including gold currencies. We had gold currency in the 1800s. We don't now.

That is somewhat true, but I would argue that gold is still used as a currency in some places even to this day and the only reason we got rid of the gold standard in the past was to replace it with a fiat system, not necessarily because a gold standard wasn't working.

Currency is what you can trade for goods & services in society. Don't conflate with assets which are what you can trade to investors.

Nowhere in any normally functioning country can gold be directly traded for goods & services.

Gold standard failed in the USA due to very frequent bank runs and depressions due to private banks running fractional reserves of loans in gold receipts. Strict money systems fail because society will not agree to not use loans. And mathematically loans require more money supply every year due to the interest rate. So if you only have gold, then you have no choice but to cheat and debase it with fractional reserves.

How was it working?

Goldbugs have elaborate illusions that sustain their delusion. Breaking them out of the dream-like state is not easy. I was quite ashamed with myself (having thought I was rational) when I fell out of it finally and returned to rationality. It caused me to doubt whether I will always be rational. My excuse is I was going through some severe personal issues at the time (e.g. sister was murdered by her husband, loss of my marriage, got influenced by a guy named Jason Hommel, etc). I also went off on a God delusion during that period too. All of that caused me to change from a world-class productive entrepreneur and programmer into a loser. But I should blame it on myself only (take responsibility).

Quote
He therefore used the term "inflation" to mean an excessive increase of the money supply

Even if you are correct it's still an impossibly difficult task to algorithmically implement the correct level of debasement over long periods of time. The only logical reason for perpetual debasement is to keep the value of the coins stable, but it is extremely difficult to achieve this because the value of the coin isn't just a function of the total money supply.

One reason (see bold text below for other reason) perpetual debasement exists is because society will always use loans and loans pay an interest rate, thus the demand for money increases compounded every year. If you don't have the money to pay the interest rates, then society will create it somehow which means for example creating fractional receipts (IOUs) for Bitcoins.

There is no such thing as a stable value of anything in the universe. Everything is measured relative to everything else. Please study my The Universe blog article. Do you realize that even measurements change depending on relative speeds?

http://unheresy.com/The%20Universe.html

Nothing in the universe is at a fixed position. You have a layman's incorrect comprehension of what it means "to exist".

Quote
It would be much better to protect that with a natural rate, than to lose it because we are selfish deflationists who want to steal from producers by sitting on idle savings for 600 years and create dark ages.

I would like to know who has 600 years to sit on idle savings for a start.

Rothschild family for example.

There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency.

Currencies don't have exchange price demand, you are talking about an asset, e.g. Bitcoin is not primarily a currency.

Currencies have a demand based on the velocity of trade (money) in the economy but since they are the unit-of-account for all goods and services, they don't have an exchange demand. In other words, most Americans don't care what the fluctuations in the exchange value of the dollar to other currencies or gold is, because everything they spend on it is priced in dollars. Now the relatively large influence of foreign exchange ingress and egress is why small countries are beholden to the dollar, they don't really have independent currencies.

Persistent monetary deflation in a true currency (not an asset) only occurs either in a dark age where hoarders thus destroy all the production (by failing to invest in production due to hoarding currency or assets) or in a situation where the gold standard is being fractionally debased but hasn't defaulted yet, so there is an illusion that gold's value is rising persistently. Yet as we saw in the 1800s, the fractional reserves of gold certificates by the private banks in the 1800s eventually led to total collapse where JP Morgan had to bail out the USA and in turn probably obtained the control to implement the Federal Reserve system in 1913, as documented in The Creature from Jekyll Island and Bill Still's video The Money Masters.

So you can have an illusion about an asset being a currency and pretend to yourself that persistent deflation is a demand for a currency (which is actually demand for that asset not a true currency), but that is not reality.

What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

No I specifically said the debasement rate should not be too high (sometimes not higher than the prevailing bond rates), because saving for lean times is important, as is the concept of delaying gratification to save. Yet we want that savings to be invested in productive activities. What is savings? It is society saying that you generated excess production in the past and it now trusts you to continue to do that, thus it allows you to decide which investments to do.

It is not a license to sit on that talent, and expect to leech off the others who are increasing production. Society won't tolerate that. The Bible (taken as a book of knowledge about realities of life) specifically talks about this in the Parable of the Talents.

Debasement also exists to force you to invest, and not allow you to cheat the implicit contract society has made with you.

Quote
You must compare the relative mass of the earth to the total supply of gold to see that your fear is unfounded. As in several orders-of-magnitude beyond impossible.

Just because the limit is large doesn't change the fact there is a limit.

Please if you are not going to admit when you are wrong, then that is disingenuous. I always do when I am wrong. A 20 foot basketball rim is a limit too, yet you will never dunk on it.

Plus if you calculate the cost of recovering gold even from the nearest planet in our solar system, it works out that the cost of the transportation is more than the value of the gold.

Moving the goal posts in a soccer game is not allowed. Many people have said things were impossible, that later became very possible. Seems to happen regularly. That is what technology is all about.

I said Branson was talking about mining asteroids as they pass nearby earth.

Quote
As of 2033, there isn't much debasement. Even a decade before that it has dropped below 1%. So my original statement was correct.

Yes, but by 2033 when it becomes extremely hard to mine even small amounts of bitcoin, the value of each bitcoin will be much higher. The creation of new bitcoins drops off exponentially for a reason, Satoshi wasn't an idiot. He designed it that way for a reason and it seems to be working well thus far.

Wow the greed. Getting something for nothing. Great virtues of every boom and bust.

And yeah he made sure he got most of the coins in the first years. Yet you are concerned about a small premine for this coin.

Quote
Yet that is only minuscule. The lost coins only gradually take the money supply towards 0 over decades. It can't substitute for a reasonable level of debasement.

The whole concept of a "reasonable level of debasement" is completely subjective in the first place, thus impossible to implement algorithmically in a fair and consistent manner. Being able to re-mine lost coins doesn't offer any level of debasement, it simply ensures that the money supply won't get perpetually smaller and cause perpetual inflation in that way. If the value of the coin goes up it will be purely due to an increase in demand and other natural economic forces.

The data I have (it is buried on one of my threads), is the average debasement for society is consistently about 5% for normalcy. This goes back to the 1800s in the USA.

You can't change what is normal, just because you think it would be neat. Society will route around you as if you are a parasite that needs to be eradicated.

AnonyMint
Hero Member
Activity: 518
Merit: 500
October 16, 2013, 11:45:39 PM

I had written much about this already in No Money Exists Without The Majority:

https://bitcointalk.org/index.php?topic=226033.0

What I want to know now, is what the Bitcoiners here really think about debasement, gold, and the lack of debasement in Bitcoin after 2024, especially 2033.

So I will start another thread to ask for them to express their opinions, while I will try to shut up and listen to what all have to say.

https://bitcointalk.org/index.php?topic=312649.0 (that thread)

Because I don't want to get very excited about doing something good for the world, only to find out later that the market doesn't understand and is caught up in a gold delusion. If the market just wants to be fooled by their delusion into allowing mining cartels as Satoshi appears to have done to manipulate their psychology, then I need to know that, because it impacts how I should approach this. Generally speaking I am most excited to work when I feel I am doing something good for society and making money at the same time. I am sure it is the same for most of you all. Yet if you all think that gold as a strict currency is good for society, then we are doomed.

Not everyone has to agree, I just need to determine what is the real mindset of the majority of Bitcoiners. So I will start another thread to try to find out.

P.S. The probability that Satoshi was one person is slim and none:

http://ianso.blogspot.be/2013/10/bitcoin-as-law-enforcementnatsec.html

Etlase2
Hero Member
Activity: 798
Merit: 1000
October 17, 2013, 03:18:58 AM

I would like to know who has 600 years to sit on idle savings for a start. There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency. What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

Not in the spirit of bitcoin. Your argument about stealing is pretty funny, considering you are talking about being entitled to an increase in your wealth by the mere virtue of other people demanding to use the currency that you happen to use. Wealth is not created this way, wealth is redistributed. Wealth is created by the trading lubricant provided by money in lieu of barter. I've argued in the past that I think FRB was a key part in creating the merchant/middle class. Do I think FRB would have been the best way? Of course not, it created other types of empires and enslavement, but coincidentally or not, it does have a correlation with humanity moving away from feudalism and into a much more free society.

With a fairly objective perspective, one could argue that the US sees a much higher standard of living than it deserves, merely because of the property that its currency is the world reserve currency. The US government/fed/banking system triumvirate thoroughly enrich themselves by "printing" valueless bills in return for real goods and services and real power in the world. This, if not precisely, closely parallels how value is absorbed into the bitcoin ecosystem--by funneling it through the top. It is much more difficult to objectively see that when you (the general you) might be close to the top that this is a problem.


And mathematically loans require more money supply every year due to the interest rate. So if you only have gold, then you have no choice but to cheat and debase it with fractional reserves.

This is mathematically false. Interest does not require an ever-increasing money supply, it only requires that those who earn the interest spend it. However, there is very little incentive to actually consume wealth when it very easily buys power, and power tends to beget more power and wealth. The problem, my dear AnonyMint, with perpetual fixed debasement in a bitcoin-like blockchain design, is that competition to waste resources in pursuit of some-percentage-inflation means that little to no power will actually ever be distributed in that design. It is also a square peg in a round hole treatment that tries to address the fact that "something must be done" but "I really have no idea what." Comparing it to "this is sort of how it works today" is not particularly convincing, considering that it is the system that is trying to be fixed.

AnonyMint
Hero Member
Activity: 518
Merit: 500
October 17, 2013, 06:40:03 AM

Edit: I had written about all of this in more detail in August:

https://bitcointalk.org/index.php?topic=279771.msg3014282#msg3014282



I would like to know who has 600 years to sit on idle savings for a start. There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency. What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

Not in the spirit of bitcoin. Your argument about stealing is pretty funny, considering you are talking about being entitled to an increase in your wealth by the mere virtue of other people demanding to use the currency that you happen to use. Wealth is not created this way, wealth is redistributed. Wealth is created by the trading lubricant provided by money in lieu of barter.

Happy to see someone understands why currency exists (in terms of unit-of-exchange, not just store-of-value). This is essentially what I wrote upthread about "velocity of trade (money)" and society entrusting savings because it expects you to generate more trade and excess production, as well as what I wrote in the following linked No Money Exists Without the Majority, where I mentioned the purpose of currency (unit-of-exchange) is to obtain the maximum division-of-labor.

https://bitcointalk.org/index.php?topic=226033.0

I've argued in the past that I think FRB was a key part in creating the merchant/middle class.

Velocity of money is what brought us out of the last Dark Age. Unbanning usury was one factor, as well as the creation of the world's first central bank in Europe.

If goldbugs had their way, we would sink into another Dark Age. (I was a goldbug before sigh)

Do I think FRB would have been the best way? Of course not, it created other types of empires and enslavement, but coincidentally or not, it does have a correlation with humanity moving away from feudalism and into a much more free society.

I am again happy to see someone besides me understands this on the Bitcointalk forum.

With a fairly objective perspective, one could argue that the US sees a much higher standard of living than it deserves, merely because of the property that its currency is the world reserve currency. The US government/fed/banking system triumvirate thoroughly enrich themselves by "printing" valueless bills in return for real goods and services and real power in the world. This, if not precisely, closely parallels how value is absorbed into the bitcoin ecosystem--by funneling it through the top. It is much more difficult to objectively see that when you (the general you) might be close to the top that this is a problem.

Sadly I agree with you. And "Satoshi" (which is probably the same triumvirate, disagree?) has the psychology of these naive goldbugs wrapped around his million BTC finger.

And mathematically loans require more money supply every year due to the interest rate. So if you only have gold, then you have no choice but to cheat and debase it with fractional reserves.

This is mathematically false. Interest does not require an ever-increasing money supply, it only requires that those who earn the interest spend it.

Pedantically correct yet also incorrect as you admit. But as you say below and as I had noted also, interest flows to those who have amassed so much capital that they can no longer spend it nor invest it well. Thus my statement was correct in reality. Thus they turn to Olsen capture and parasitism. Controlling credit is a way to suck blood from a turnip. The controllers of the triumvirate don't even need to issue the loans, they control those who do.

However, there is very little incentive to actually consume wealth when it very easily buys power, and power tends to beget more power and wealth.

Exactly.

Perpetual debasement is one method of decaying that misdirected power. But not really effective, yet what other alternative do we have? And perpetual debasement at least helps us to keep mining more decentralized away from complete control of cartels.

The problem, my dear AnonyMint, with perpetual fixed debasement in a bitcoin-like blockchain design, is that competition to waste resources in pursuit of some-percentage-inflation means that little to no power will actually ever be distributed in that design.

I thought of one way it will:

https://bitcointalk.org/index.php?topic=285701.msg3090924#msg3090924

The large wealth can't seek out those little hydropower streams all over the world, because the economy-of-scale is too small for them.

This is analogous to my point upthread about how a guy selling mineral water on a hot day can double or triple his investment, but Warren Buffett can't do that in a day with $billions.

So redistribution can occur, and not just in mining but in general that "smaller things grow faster, seedlings grow to saplings in months, saplings grow to oak trees in years, but oak trees never grow to the moon". This is why central banks are so evil, because it enables the bastards to reset the system and destroy all the gains the little guys have accumulated since the last reset. Central banking is the way the bastards kill everything periodically in order to maintain their percentage of power. Grotesque!

So the solution is we need a coin that can't be centralized, then human ingenuity will take care of the rest. This is why the mini-blockchain and perpetual debasement are a natural fit. But unfortunately the mini-blockchain designer can't see it (yet) due to some delusion he learned when becoming a goldbug. (sorry for the personal attack, but how else can I say I am frustrated that the designer of something so good can't see the big picture)

Do you have a better solution that is tied to the effort and ingenuity of humans and not just a Marxist redistribution scheme?

It is also a square peg in a round hole treatment that tries to address the fact that "something must be done" but "I really have no idea what." Comparing it to "this is sort of how it works today" is not particularly convincing, considering that it is the system that is trying to be fixed.

I think you missed that revelation I had on hydropower since the last time we were debating.

You are a smart guy and I wish we could get on the same page.

Etlase2
Hero Member
Activity: 798
Merit: 1000
October 17, 2013, 07:13:16 AM

Pedantically correct.

Mathematically correct. It is an often misunderstood concept and conflating the reasons for the necessity of an expanding supply is not helpful to your line of argument.

Quote
The large wealth can't seek out those little hydropower streams all over the world, because the economy-of-scale is too small for them.

This presumes that hydropower streams are somehow the end-all be-all for efficient energy production. It also ignores the very significant hardware aspect of the equation. Square peg, round hole.

Quote
Do you have a better solution that is tied to the effort and ingenuity of humans and not just a Marxist redistribution scheme?

Yes.

AnonyMint
Hero Member
Activity: 518
Merit: 500
October 17, 2013, 07:29:30 AM

Btw, I am considering quitting and exiting Bitcointalk.org. I have been thinking lately, it is time for me to make a decision and stop wasting time. Either I do the project, or I move on to other software projects that are less thankless and dangerous. The following link has my logic on why:

https://bitcointalk.org/index.php?topic=286536.msg3354194#msg3354194



Pedantically correct.

Mathematically correct. It is an often misunderstood concept and conflating the reasons for the necessity of an expanding supply is not helpful to your line of argument.

Disagree, because the math also applies to the fact that larger capital can't do what smaller capital can. Anyway, we agree on the point and we are arguing only semantics.

Quote
The large wealth can't seek out those little hydropower streams all over the world, because the economy-of-scale is too small for them.

This presumes that hydropower streams are somehow the end-all be-all for efficient energy production. It also ignores the very significant hardware aspect of the equation. Square peg, round hole.

I trust human ingenuity and the fact that smaller capital can do things which larger capital can't.

I think the main problem is the central bank (actually the triumvirate) which erases the gains smaller capital make against larger capital. Right now, the G20 is collecting data on all the millionaires so it can destroy them. Bitcoin is probably a honeypot helping them to do this.

Quote
Do you have a better solution that is tied to the effort and ingenuity of humans and not just a Marxist redistribution scheme?

Yes.

I know how to implement what was proposed in this thread within probably 3 to 6 months. You would be well served to implement, and not talk.

And I am about done with talking. Decision time.

AnonyMint
Hero Member
Activity: 518
Merit: 500
October 17, 2013, 05:58:46 PM

The simple fact is that most people who believe in Bitcoin-type technology also believe in Austrian principles. If you want to put so much stock into surveys then you must accept the fact that most of us prefer a limited money supply.

The only logical reason for perpetual debasement is to keep the value of the coins stable, but it is extremely difficult to achieve this because the value of the coin isn't just a function of the total money supply.

...

What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

No money has a constant value unless everyone uses it as their unit-of-account and thus no exchange-value needs to be considered:

http://armstrongeconomics.com/2013/08/24/14007/

Thus maintaining a constant money supply doesn't guarantee deflation, unless it is everyone's unit-of-account, but in that case deflation leads to repulsion to investment, because why should I risk my capital when it is always increasing in value if I just bury it in a hole. But then production declines due to lack of investment and you get stagflation with deflation of production. Then why should I invest if the economy is declining. Sound familiar? (it is happening right now) It is a downward spiral that can lead to a Dark Age, if society doesn't confiscate the gold and create inflation (by devaluing gold) as FDR did to save us from a Dark Age. That is not to say I like the outcome of the New Deal socialism, but I am saying that if rational (Ayn Rand self-interested) capitalists have their way, we end up in a Dark Age.

It is really the high tech sector that always saves society from ruin. We always invest our brains, because we are bored otherwise.

(note wrote the above very sleepy, so may not make complete sense)

AnonyMint
Hero Member
Activity: 518
Merit: 500
October 20, 2013, 02:01:53 AM

bitfreak! I want to apologize for crashing in on your thread. I think the Mini-blockchain is absolutely required for a Bitcoin future that isn't dominated by cartels doing the mining (but it is not alone sufficient to prevent the cartels).

Let me summarize where this ended up for me.

1. Mini-blockchain by itself is not sufficient to drive adoption of a new altcoin. Users get more excited about features that put coins in their pocket, than solving future scaling problems.

2. Economics of debasement (i.e. money supply inflation) is not well understood. However, without perpetual debasement, the mining of PoW will end up with cartels. However, many will disagree on these points, so it is very difficult to get any sort of consensus agreement.


The key to understanding the economics of debasement is that money supply inflation always goes to workers' salaries[1], so it is not a problem. The theft that occurs with fractional reserve banking is mainly by periodically confiscating the capital of the population with an economic implosion and a reset of the currency, e.g. bank failures in a fractional reserve system or the coming bail-ins and retirement account nationalizations for G7 nations. And without perpetual debasement, you must have fractional reserve banking, because of the logic Etlase2 and I discussed upthread.

An economy can't run properly without perpetual debasement because then capital never has to move (because it never rots), it can just sit in a hole forever. Nothing in the universe is forever, so to structure capital to be forever introduces abnormality that can't be.

[1] A more direct link to the math, https://bitcointalk.org/index.php?topic=160612.msg2895021#msg2895021

digitalindustry
Hero Member
Activity: 798
Merit: 1000

wubba lubba dub dub
October 20, 2013, 12:40:41 PM

Anonymint.

First I agree in degrees there is nothing wrong with an expansion of the money supply, to fit the normal balance of trade and production of the citizens therein.

Where I think you misunderstand is the relationship between "interest" and debt.

You make a blanket assumption that all currency must expand because of the principle of interest?

This is not the case, and it's important that we don't confuse this basic principle, interest can be a justification for risk on an investment, this is just a transfer mechanism, nothing to do with net currency expansion.

The reason all economic activity is grinding to a halt is of course because all currency is issued as debt, then by extension expanded with "credit creation".

There is more debt than currency, understand?

This by extension and purpose filters, energy productive capacity back towards the top of that pyramid friend.

If citizens, humans for example, stopped getting into debt, and stopped borrowing further into debt, nearly all currency velocity would freeze and the world would grind to a halt.

This would be called a deflationary spiral. This is what everyone fears.

Of course BTC is fantastically centralized, they are relying on that very thin principle of paying off the right people, I don't think it's a viable economic infrastructural design.

But roll with it while it's working.

The reason the fed balance sheet is the number it is, is due to the fear that people, individuals and businesses, are at their debt limit.

Thus all currency velocity can freeze.

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
digitalindustry
Hero Member
Activity: 798
Merit: 1000

wubba lubba dub dub
October 20, 2013, 12:54:58 PM

I'd like to add that there is nothing inside the human DNA that is compelling them towards rising prices, or away from dropping prices.

This is purely a market mechanism.

Having said that, I'm not a proponent of the "gold standard" simply because of its many other flaws.

Furthermore, having said that, though, I don't personally own 1 to 2000+ nuclear weapons so I won't be in the decision making process for this in the future.

I'd say the Nations that do will be.

Still a strict gold type standard would net net be more equitable for most people across the world including by extension "westerners" than the present situation, so when you stand back and think about it, what are we doing?

The trend is not on an improvement slope, I think everyone agrees.

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
digitalindustry
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


wubba lubba dub dub


View Profile WWW
October 20, 2013, 01:07:25 PM

"Thus maintaining a constant money supply doesn't guarantee deflation, unless it is everyone's unit-of-account, but in that case deflation leads to repulsion to investment, because why should I risk my capital when it is always increasing in value if I just bury it in a hole. But then production declines due to lack of investment and you get stagflation with deflation of production. Then why should I invest if the economy is declining. Sound familiar? (it is happening right now) It is a downward spiral that can lead to a Dark Age, if society doesn't confiscate the gold and create inflation (by devaluing gold) as FDR did to save us from a Dark Age. That is not to say I like the outcome of the New Deal socialism, but I am saying that if rational (Arlyn Rand self-interested) capitalists have their way, we end up in Dark Age"

You said you were tired when you wrote this?

Then that is understandable, be careful not to fall into someone else's narrative, humans are by extension:

1. Sociable
2. Productive

If capital was in a hole gaining money, some human would be in the hole throwing the extra out the sides, in fact they would invent a way to throw it out.

The point is as long as there are enough units to meet and exceed production and trade, largely the market will balance.

The division of units inherent in the crypto principle needs to be looked at in respect to actually points you yourself brought up and I will credit you with in regards to the fee structure centralization.

So there are things to look at in this regard.

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
October 20, 2013, 05:15:37 PM

...

The key to understanding the economics of debasement is that money supply inflation always goes to workers salaries[1], so it is not a problem. The theft that occurs with fractional reserve banking is mainly by periodically confiscating the capital of the population with an economic implosion and a reset of the currency, e.g. bank failures in a fractional reserve system or the coming bail-ins and retirement account nationalizations for G7 nations. And without perpetual debasement, you must have fractional reserve banking, because of the logic Etlase2 and I discussed upthread.

An economy can't run properly without perpetual debasement because then capital never has to move (because it never rots), it can just sit in a hole forever. Nothing in the universe is forever, so to structure capital to be forever introduces abnormality that can't be.

[1] A more direct link to the math, https://bitcointalk.org/index.php?topic=160612.msg2895021#msg2895021

Where I think you misunderstand is the relationship between "interest" and debt.

You make a blanket assumption that all currency must expand because of the principle of interest?

We are getting off-topic of this thread, and I don't have any strong disagreements with the rest of what you wrote. However, let me clarify this one point. I agreed with Etlase2 that in theory interest could simply be transferred, if not everyone is in debt, but mathematically it can't occur. I provided two orthogonal (to each other) reasons for the mathematical certainty that interest requires an expanding money supply:

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.



Note that with central bank control, the most wealthy and powerful debase the money supply sufficiently to destroy those earning interest (current ZIRP), and pass the debasement to themselves. These periodic resets are how they take all the interest that was aggregated by moderately wealthy who are less powerful including the disposable banking corporations. A grotesque racket.

unheresy.com - Prodigiously Elucidating the Profoundly Obtuse
THIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
October 21, 2013, 08:10:38 PM

...

The key to understanding the economics of debasement is that money supply inflation always goes to workers salaries[1], so it is not a problem. The theft that occurs with fractional reserve banking is mainly by periodically confiscating the capital of the population with an economic implosion and a reset of the currency, e.g. bank failures in a fractional reserve system or the coming bail-ins and retirement account nationalizations for G7 nations. And without perpetual debasement, you must have fractional reserve banking, because of the logic Etlase2 and I discussed upthread.

An economy can't run properly without perpetual debasement because then capital never has to move (because it never rots), it can just sit in a hole forever. Nothing in the universe is forever, so to structure capital to be forever introduces abnormality that can't be.

[1] A more direct link to the math, https://bitcointalk.org/index.php?topic=160612.msg2895021#msg2895021

Where I think you misunderstand is the relationship between "interest" and debt.

You make a blanket assumption that all currency must expand because of the principle of interest?

We are getting off-topic of this thread, and I don't have any strong disagreements with the rest of what you wrote. However, let me clarify this one point. I agreed with Etlase2 that in theory interest could simply be transferred, if not everyone is in debt, but mathematically it can't occur. I provided two orthogonal (to each other) reasons for the mathematical certainty that interest requires an expanding money supply:

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.



Note that with central bank control, the most wealthy and powerful debase the money supply sufficiently to destroy those earning interest (current ZIRP), and pass the debasement to themselves. These periodic resets are how they take all the interest that was aggregated by moderately wealthy who are less powerful including the disposable banking corporations. A grotesque racket.

This is why they are going after the millionaires now, to confiscate (via their control of the government) what was aggregated since the last reset 1929 - 1955. This reset is 2007 - 2033. Every 78 years (3 x 26 reproductive maturity generations).

You have to Think Like a Bankster to understand how the globalists play the game:

http://www.silverbearcafe.com/private/01.10/thinklikeabanker.html

You see what Merkel did as soon as she was re-elected to her lame duck term, she cooperates to supra-nationalize the German banks to transfer control to the EU (Brussels), where the most wealthy and powerful have even more control:

http://armstrongeconomics.com/2013/09/26/one-day-after-german-elections-truth-comes-out/

http://armstrongeconomics.com/2013/10/20/growing-concern-about-the-federalization-of-europe/

http://armstrongeconomics.com/2013/10/14/european-banking-crisis-seizing-10-of-everyones-accounts-hello-cyprus/

unheresy.com - Prodigiously Elucidating the Profoundly Obtuse
THIS FORUM ACCOUNT IS NO LONGER ACTIVE
digitalindustry
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


wubba lubba dub dub


View Profile WWW
October 22, 2013, 02:31:59 AM


We are getting off-topic of this thread, and I don't have any strong disagreements with the rest of what you wrote. However, let me clarify this one point. I agreed with Etlase2 that in theory interest could simply be transferred, if not everyone is in debt, but mathematically it can't occur. I provided two orthogonal (to each other) reasons for the mathematical certainty that interest requires an expanding money supply:

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.



Note that with central bank control, the most wealthy and powerful debase the money supply sufficiently to destroy those earning interest (current ZIRP), and pass the debasement to themselves. These periodic resets are how they take all the interest that was aggregated by moderately wealthy who are less powerful. A grotesque racket.

Hmmmm.

Ok, well simply do this as an exercise, separate the production and the currency.

If one does this, you will note that point 1 is redundant as there is no need for most of the people or even many of the people to be paying interest; interest is a payment for risked capital used for productive expansion.

Correctly viewed, it bears no relation to monetary expansion.

The rest I can't comment on except to say, the current scam we have operating of course all relates to issuance.

In case I'm not being clear: issuance issuance issuance issuance issuance.

Did I mention the issue is with the manner of the issuance of the monetary supply?

Once this is understood everything becomes much clearer.

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
digitalindustry
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


wubba lubba dub dub


View Profile WWW
October 22, 2013, 02:34:19 AM

Hey I want to stay on topic as much as the next freedom loving debt ridden wage slave ...

tiny rick !
- https://voat.co/v/Contact/
- Twitter @Kolin_Quark
Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
October 22, 2013, 03:42:25 AM

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

Along the same lines as I mentioned earlier, this is not accurate. One base unit of currency on average can be used to pay off more than one debt unit if the velocity of money is high enough. The problem is that it is only a matter of when the velocity will drop from previous levels and necessitate a slew of bankruptcies as lots of credit/debt money disappears, and a cycle of economic recession starts. This doesn't only affect FRB, it affects a rigid gold standard (lol) too because then instead of not lending debt digits, you're hiding gold under the mattress. If you're rich and want to stay that way, you play scared. The Fed nowadays tries to fix this by offering cheap money, etc. It always ends up being a handout to the people who got us into this to get them out of it unscathed while everyone else suffers.

Bitcoin would work even worse because you can't dig up more bitcoins than allotted, so there is nothing coming from anywhere to spur new economic activity. It won't work this way in practice though (the "deflationary spiral") because people will just switch to a clone or back to fiat. The bitcoin wiki probably still says something along the lines of "it won't happen because the rich will buy stuff".

Quote
2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.

It's only a certainty under certain conditions. The wealthy play the game that has been passed down to them over the generations. But with a couple simple variable tweaks, you could totally change that game. For example, the idea behind demurrage and Freicoin, where money has a carrying cost, ergo not durable. I don't think it has a shot of working considering that it will (probably) never be legal tender, but if it were, the game would be played much differently.

Regardless, if all base money is earning interest and there is a fixed supply in a real world scenario, it can still work, it just involves a lot of bankruptcies in lieu of an expanding supply. Banks would find some equilibrium between bankruptcies and interest rates to be where the most profitable position is. Of course, when they fuck up, as they always will, the bankruptcies will increase significantly for some time. Bankruptcies in general are not good for anyone including the rich, so the tightly controlled system of inflation we use today is preferable. Without government spending of bitcoin to put money into motion and with more than half in the hands of the tiniest of percentage of the world's population, the trail to bitcoin adoption (or any deflationary money similar to it) can only be littered with bankruptcy.

AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
October 22, 2013, 05:21:35 AM

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

Along the same lines as I mentioned earlier, this is not accurate.

My statement is accurate because velocity can't continue to increase forever.

People can only transact so fast, because it is assumed there must be some service or good provided.

This spiral demand is why at debt bubble peaks (probably circa end of 2015, with a possible extension to 2017 or so), everyone is running around like a chicken with head cut off, trying to move faster and faster, and there is massive misallocation of resources because of the race to transact faster thus sacrificing quality of (or rational necessity of) services and goods. (This is the Mises Crackup Boom)

You will see this race in the developing countries now. They are literally not sleeping, they are moving so fast to spend all the debt being pumped in.

Foreign Policy described this as "globalization":

http://www.foreignpolicy.com/articles/2001/09/01/will_globalization_go_bankrupt

Real Estate bubble is now spreading to wherever it wasn't already:

http://armstrongeconomics.com/2013/10/04/real-estate-boom-in-switzerland-singapore-elsewhere/

One base unit of currency on average can be used to pay off more than one debt unit if the velocity of money is high enough. The problem is that it is only a matter of when the velocity will drop from previous levels and necessitate a slew of bankruptcies as lots of credit/debt money disappears, and a cycle of economic recession starts.

You are referring to the Quantity Theory of Money and the summary equation:

M x V = P x Q ≈ GDP

Correct. Velocity can't increase perpetually, thus eventually base money supply has to increase or bankruptcies must ensue, which is where the world is now (final peak inflection point is 2015 - 2016 probably).

This doesn't only affect FRB, it affects a rigid gold standard (lol) too because then instead of not lending debt digits, you're hiding gold under the mattress. If you're rich and want to stay that way, you play scared.

You are saying that hoarding gold collapses the velocity, and yes velocity is down -50% since 2007:

http://armstrongeconomics.com/2013/10/20/they-are-calling-it-a-collapse-in-capitaism/

http://armstrongeconomics.com/2013/10/10/deflation-inflation-stagflation/

Note we didn't have a rigid gold standard ever. These were always fractional reserve systems, e.g. the private banks in the USA in 1800s. The rigid gold system occurs as the people run from the debt collapse into gold and bury it which can end up in a Dark Age:

http://armstrongeconomics.com/2013/10/21/what-about-gold-hoarding-the-reserve-dollar-status/

http://armstrongeconomics.com/2013/10/16/destroying-the-world-economy/

http://armstrongeconomics.com/2013/10/10/g20-meeting-to-raise-taxes/

http://armstrongeconomics.com/2013/10/10/obamacare-another-nsa-spying-on-citizens/

http://armstrongeconomics.com/2013/10/07/how-empires-nations-city-states-die-we-seem-to-be-right-on-schedule/

http://armstrongeconomics.com/2013/09/27/so-what-does-the-future-hold/

http://armstrongeconomics.com/2013/09/26/one-day-after-german-elections-truth-comes-out/

The Fed nowadays tries to fix this by offering cheap money, etc. it always ends up being a handout to the people who got us into this to get them out of it unscathed while everyone else suffers.

Agreed as I wrote upthread, the central banks debase in ways that aid the controllers of the government, i.e. the most rich and powerful:

http://armstrongeconomics.com/2013/10/16/fed-balance-sheet-lack-of-oversight/