bytemaster
|
|
June 14, 2013, 04:40:15 AM |
|
To achieve higher speeds and greater privacy we will require a system like Open Transactions where you have an anonymous server that cannot 'forge' receipts and can destroy all transaction history while still providing a provable balance. An anonymous transaction server can back 100% of its issued IOUs with collateral held in the blockchain and identifying a large number of trusted yet anonymous 'escrow agents' to handle any disputes regarding withdraws of funds from the server.
Now we can allow anyone to make deposits into the OT server by contributing to the escrow balance. Anyone can also make withdraws from the OT server's escrow fund by presenting the last signed receipt as an input to the transaction. At any time any party may open a 'dispute' regarding a withdraw from the OT server's pool which will immediately freeze all withdraws until a super majority of the escrow agents 'vote' to either 'halt' operation of the server or clear the server of wrong-doing after performing an audit of the server. All withdraws have a 24 hour waiting period where they can be challenged.
To open this 'dispute' you must post a good faith fee that will be forfeited if the signed receipt is proven valid. To launch a new OT server you must post a surety bond that will be forfeited if the server is found 'guilty' to the individual who first reports the failed audit.
What is the end result of this system? All parties have incentive to audit / monitor all withdraws for fraud. The escrow agents collect a small 'fee' from every deposit / withdraw and thus do not want to risk losing their reputation over a single OT server as they will be providing their services for many OT servers and private transactions. Depositors, traders, and others would all have interest in reporting fraud as well as the OT server itself.
Assuming a 'provable' audit could be performed on a OT server (which I think is possible) then we can achieve both high-speed and anonymous transactions in a secure, decentralized manner.
This would have to be supported by the block chain directly to automate the escrow, surety bond, deposit, and withdraw, and dispute process.
In the event that the server 'disappeared' then it will be up to the depositors to 'prove' the most recent audit / receipt which would allow the escrow agents to redeem receipts on behalf of the server.
End result: high-speed, anonymous, secure, and fraud-free trading.
|
|
|
|
td services
Sr. Member
Offline
Activity: 448
Merit: 250
black swan hunter
|
|
June 14, 2013, 06:51:10 AM |
|
I have been following the p2p exchange discussions to catch up with the different proposals and projects. I have discussed a plan, PeerTrader, with some developers and posted it at https://bitcointalk.org/index.php?topic=234043.msg2471088#msg2471088 . The closest I've seen so far are Marketcoin and Bitshares. I appreciate this thread to try to arrive at a common goal and plan to develop this critical piece of cryptocurrency infrastructure.
|
|
|
|
bytemaster
|
|
June 14, 2013, 07:11:16 AM |
|
I have been following the p2p exchange discussions to catch up with the different proposals and projects. I have discussed a plan, PeerTrader, with some developers and posted it at https://bitcointalk.org/index.php?topic=234043.msg2471088#msg2471088 . The closest I've seen so far are Marketcoin and Bitshares. I appreciate this thread to try to arrive at a common goal and plan to develop this critical piece of cryptocurrency infrastructure. In what way do you see BitShares falling short of the ideal (particularly in light of the posts in this thread in the past 24 hours). BitShares has absorbed the inter-chain trading of MarketCoin and expanded/enhanced upon it so I would like to know what else is missing so I can work to address it.
|
|
|
|
td services
Sr. Member
Offline
Activity: 448
Merit: 250
black swan hunter
|
|
June 14, 2013, 02:13:21 PM |
|
I have been following the p2p exchange discussions to catch up with the different proposals and projects. I have discussed a plan, PeerTrader, with some developers and posted it at https://bitcointalk.org/index.php?topic=234043.msg2471088#msg2471088 . The closest I've seen so far are Marketcoin and Bitshares. I appreciate this thread to try to arrive at a common goal and plan to develop this critical piece of cryptocurrency infrastructure. In what way do you see BitShares falling short of the ideal (particularly in light of the posts in this thread in the past 24 hours). BitShares has absorbed the inter-chain trading of MarketCoin and expanded/enhanced upon it so I would like to know what else is missing so I can work to address it. So far I've liked everything I've read on BitShares. Is there a whitepaper or a link to some more information on it?
|
|
|
|
|
jaekwon
Member
Offline
Activity: 70
Merit: 10
|
|
June 15, 2013, 12:52:17 AM Last edit: June 15, 2013, 02:21:22 AM by jaekwon |
|
I came to research P2P exchanges after realizing the pitfalls of the PoW scheme. [5] I believe that all PoW coins (including hybrid schemes) are a tradeoff between two extremes; one being extreme waste of energy, and the other being a weakness of the network. Consider how much energy would be wasted should Bitcoins grow to replace the USD within a decade, or how weak the network would be today should mining rewards be eliminated.[1] There have been several approaches that I found that don't rely on PoW, including Ripple and Open-Transactions. Unfortunately I find that Ripple approach is entirely too centralized, and I am not convinced that the ledger closing algorithm [4] will scale successfully into a fully decentralized network. OpenTransactions, AFAICT, has significant architectural problems in that users of an issued currency must trust the Issuer, and the Issuer in turn must trust the Server not to inflate the currency. There is a mechanism in the works for the Issuer to audit the Server [2] to ensure that the currency hasn't been inflated, but I don't see how this is atomic, and I don't see how the audit would work unless the Issuer has full knowledge of all transactions, in which case we might as well use a block chain for fairness in transparency, and also so that users can choose to migrate to a new Issuer should there be a compromise of sorts. I now believe that the future global crypto currency system will be a federated system of block-chains, where each block-chain is signed by one (or a group via group signatures) Issuer (rather than mined collectively by PoW). Similar to OpenTransactions in some ways, except there is a public block-chain. The Issuer is the Server, and the currency of the Issuer is a special account that holds a balance of other currencies. I like to think of the Issuer as a public corporation with shares and its own bank account containing fiat & other securities. Should there be a problem where the Issuer is misbehaving (e.g. by not signing valid transactions into the block-chain), the shareholders can vote for a new Issuer, and the other currency Issuers would recognize the newly voted Issuer as proper. So, if you trust the Issuer Alice, and you see that Issuer Bob's currency is backed by shares of Alice, then you can proportionately trust Bob to behave good; for in the worst case Bob's accounts could even lose their ability to redeem the underlying shares of Alice. In this way, the federated system of currencies is built on mutual trust and voluntary actions of the Issuers. Such a federated system of PoW-less currencies has the additional benefit that transaction times can be very short, so a P2P exchange can work fairly well with the chain-trade algorithm [3]. With branch currencies (think, the opposite of a basket currency; one currency is branched out to many), you can have a federation of high-speed exchanges across the globe, each centralized yet backed by the same root currency. With regards to fiat and the pegging of currencies to fiat: I don't think we need to worry about that at all. The system described can accommodate a new generation of currencies, as well as a new generation of IPO stocks and asset-based currencies (which aren't distributed via PoW btw); it wouldn't have the constant downward market pressure of miner rewards; it wouldn't have any problem getting adoption. If one wanted to issue a new currency backed by fiat, one can still do so, and it would be up to the users to trust this issuer, as it should be. Similarly, I wouldn't be concerned with pegging to Bitcoin either. [1]: If you're still not convinced, first I would try to convince you that Bitcoin would be more robust today if it were based on Proof-of-Stake. Unfortunately I don't believe that pure Proof-of-Stake currencies work, as a matter of theory involving achieving consensus in a distributed asynchronous system. See http://macs.citadel.edu/rudolphg/csci604/ImpossibilityofConsensus.pdf[2]: https://bitcointalk.org/index.php?topic=2817.msg2459550#msg2459550[3]: https://en.bitcoin.it/wiki/Contracts#Example_5:_Trading_across_chains[4]: https://ripple.com/wiki/Consensus[5]: https://bitcointalk.org/index.php?topic=181759.0bytemaster, not sure we should be including call/put options yet, as these might be better implemented via a more generic language/mechanism, after the core architecture has been defined. Same with escrows / bitmessage integration etc. The exchange I described above requires no escrow mechanism. [3] brb.
|
|
|
|
bytemaster
|
|
June 15, 2013, 01:10:51 AM |
|
I think the problem with any public backing of crypto-chains is a central point of failure. These would effectively be a new form of bearer bonds and thus illegal. So while in theory you could have many 'signers' and more 'transactions' with 'lower energy input', I think the 'energy input' argument is entirely missing the point. We waste far more energy and resources decorating our homes for christmas and manufacturing all of the decorations than energy would ever be put into mining.
With BitShares mining and 'owning' are equally profitable and the algorithm is far more decentralized. The profits from mining will approach the average profitability / interest rate in society and thus consume no more resources than the value provided to the consumers. Ultimately transaction fees back all mining and people will not pay for more security than is necessary.
|
|
|
|
bytemaster
|
|
June 15, 2013, 01:29:39 AM |
|
Merged Mining is a CRITICAL aspect for scalability of many different block chains. Unfortunately, merged mining requires a merkel tree as the proof-of-work and thus takes more space in the block headers that must be stored forever. So if you want to create a system like bitshares that will ultimately have 1000+ chains each trading in a subset of the available securities then merged mining will be critical. However, you do not want to 'artificially' limit the depth of the merkel tree nor do you want to allow merged miners to get a 'free lunch' at the expense of everyone else by including every chain under the sun in their POW merkel tree regardless of the potential value of that chain.
So, I have devised a new approach to allow BitShares to natively support merged mining with proper profit incentives to minimize the size of the merkel POW tree without placing any limits on the size. If there are two BitShare chains (Red and Blue) and each chain is trading in a different subset of securities then a miner who is doing merged mining for both chains has 3 options, mine red, mine blue, or do merged mining. If they opt for merged mining then both the Red and Blue networks experience a cost to accept the larger POW and yet the miner effectively doubles his payout. So the new approach use the depth of the merkel chain that proves the work to discount the percent of the reward that goes to the miner with the balance going to the dividends. Thus you can calculate your mining reward as block-reward / 2^proof-depth. The end result is that if Red and Blue BitShares have equal market value and difficulty then merged mining is equally as profitable single mining and in both Red and Blue chains benefit from the added hash power.
If Red and Blue chains have different values and difficulties then miners will have to carefully choose which chains they mine based upon the expected growth of both chains relative to the division of their hashing power. This would enable good and useful merged mining without the costs of unprofitable merged mining being foisted on the larger networks or creating a 'master / slave' chain setup.
|
|
|
|
jaekwon
Member
Offline
Activity: 70
Merit: 10
|
|
June 15, 2013, 02:20:03 AM Last edit: June 15, 2013, 02:45:13 AM by jaekwon |
|
I think the problem with any public backing of crypto-chains is a central point of failure. These would effectively be a new form of bearer bonds and thus illegal. So while in theory you could have many 'signers' and more 'transactions' with 'lower energy input', I think the 'energy input' argument is entirely missing the point. We waste far more energy and resources decorating our homes for christmas and manufacturing all of the decorations than energy would ever be put into mining.
This is true for the size of the Bitcoin network now (I think), but it won't be true if the world's currencies and securities were backed by PoW. See: https://bitcointalk.org/index.php?topic=181759.0 , and keep in mind that the figure is only for USD. There are orders of magnitude more in securities, so considering everything, there is not enough coal in the world to power the world with PoW securities. There is no central point of failure. I am suggesting a federation of issuers where each issuer is game theoretically incentivized to be honest. Not only would this federation be more energy efficient, it would also be immune to nationstate attacks given the security of the signing algorithm. Should the issuer misbehave, the stakeholders would impeach the issuer, so it's very close to a PoStake system. With all due respect, raising the issue of legality is missing the point of this exercise, given the history of debt money. With BitShares mining and 'owning' are equally profitable and the algorithm is far more decentralized. The profits from mining will approach the average profitability / interest rate in society and thus consume no more resources than the value provided to the consumers. Ultimately transaction fees back all mining and people will not pay for more security than is necessary.
With PoW, the profits from mining is proportional to the security of the network, which is also proportional to energy expenditure. Even in the current bitcoin network, with the very high mining reward, there is not enough security, as it can be shut down by nationstate fiat quite easily. It is more secure to have a single authority per blockchain that is responsible for rubberstamping it, with the ability for shareholders to impeach the authority, than it is to have a distributed PoW scheme. With a federation of blockchain currencies and their respective signing authorities, and with inter-currency backing, there will be trust that builds from within the system. What is money? Money is a collective agreement based on trust. The system that I have described is a cryptographic manifestation of collective agreement amongst voluntary agents.
|
|
|
|
bytemaster
|
|
June 15, 2013, 03:05:16 AM |
|
If all of the nodes on the network *only* consider the hashing power in deciding which block to accept then the network is subject to 51% attack and a government could buy up enough hashing power to perform a DOS. However, I think that BitShares has another means of preventing the 51% attack.
Every node in the network has financial incentive to accept the block that pays the most dividends. Because all transactions are 'broadcast' every node has an idea of how many dividends *should* be available in a published block. Any block that doesn't contain 80% of the published fees could be rejected. An attacker with 51% of the hashing power would no longer have the power to deny valid transactions with high fees. They could only succeed in denying the bottom 20% of transactions which would push up fees and thus mining rewards/dividends and therefore increase the network security until there was an equilibrium between fees and security.
In this way I have given all share-holders a financial incentive to reject forked chains even if they are not mining. Miners would then realize they would be unable to spend their profits with these users and thus would not have any incentive to cheat the shareholders out of their dividends in an effort to manipulate which transactions are in or out.
|
|
|
|
jaekwon
Member
Offline
Activity: 70
Merit: 10
|
|
June 15, 2013, 04:28:31 AM |
|
Any block that doesn't contain 80% of the published fees could be rejected. An attacker with 51% of the hashing power would no longer have the power to deny valid transactions with high fees.
Denying valid transactions is just one attack vector. You can't prevent a double-spend that way, as the attacker would double-spend in forked chains that also include all other transactions. In this way I have given all share-holders a financial incentive to reject forked chains even if they are not mining.
Depending on the details, there may be further attack vectors that involve making nodes reject good chains.
|
|
|
|
bytemaster
|
|
June 15, 2013, 06:07:32 AM |
|
double-spending is not a 'global' attack on the network and could occur with less than 51% depending upon how many confirmations you require.
The only people motivated enough to attempt a 51% attack are those who want to DOS the network.
Define 'good' chains... all chains must follow the 'rules' so they are all equally good... but the chain that pays the highest dividends is 'best' provided it also has the requisite difficulty *and* didn't leave any potential dividends on the table.
|
|
|
|
|
bytemaster
|
|
June 17, 2013, 02:21:34 AM |
|
Where did everyone go? Any feedback on the white paper?
|
|
|
|
XertroV
Member
Offline
Activity: 88
Merit: 12
Max Kaye
|
|
June 17, 2013, 03:50:25 AM |
|
Where did everyone go? Any feedback on the white paper?
Still here, just waiting on the time and energy for comment. Haven't read the updated whitepaper yet though. In regards to the previous one I read I think it needs some more technical details before I can wrap my head around it. Will provide more feedback in a few hours.
|
|
|
|
td services
Sr. Member
Offline
Activity: 448
Merit: 250
black swan hunter
|
|
June 17, 2013, 05:25:50 AM |
|
I read through it, looked interesting. I like the atomic exchange directly between blockchains. I would break it down into smaller components which are modularly expandable. I'd heard the term "Atomic", didn't know what it was until a few days ago, turns out it is exactly the capability I want to see in a p2p exchange client. I'm more interested in direct exchange, even if it isn't as fast as a trading exchange on a server.
The market dynamics will be interesting with the miners losing 50% of the incentive to mine to the dividends, but the market price may be higher due the dividends, so it may be a break even or even more profitable to mine.
I very much like the tying of mining capacity to RAM to discourage GPUs and ASICs. I'd rather see mining distributed even into mobile devices and Freedombox type mesh networking gateways.
|
|
|
|
bytemaster
|
|
June 17, 2013, 12:50:34 PM |
|
I wanted to clarify some things:
1) crypto-USD is not a separate blockchain, but is a separate 'unit' used on the same blockchain as BitShares.
2) Market Dynamics for mining will be interesting, and I think the result is that it will motivate people to start mining sooner. After all, as the money supply increases the rate of return falls. Miners who mine in the first year will end up seeing 100% dividend payments over the course of one year *if* they hold on to their bitshares after mining. As a result, you want to mine as early and often as possible and hold on to the shares as long as possible. This should cause the 'demand' for holding bitshares to be higher than the demand for holding bitcoins. If you factor in time-value of money then the value of mining will probably be MORE than bitcoin even though the immediate payout is less.
|
|
|
|
bytemaster
|
|
June 17, 2013, 01:20:20 PM |
|
It was brought to my attention that I didn't detail the deterministic trading algorithm:
Given the set of all unspent outputs as UnspentOut Given a currency pair, say crypto-USD / BitShares. Given the same pair, find all crypto-USD issuance (short positions) and sort by margin.
Find all bids and asks and sort them.
While the HighBid >= LowAsk Average the HighBid and LowAsk to calculate the current Price if the price > margin threshold of lowest margin position match bid against margin call at Price push any left-over short position or bid to the stack else match the bid and ask at price push any left-over bid or ask to the stack.
The result of the above loop will be a single transaction of the following form:
1) all referenced bids, asks, and margin calls as inputs 2) the net result of all trades and margin calls as outputs. * note a bid may be paritial matched against 100 different asks and there would only be a single input from that bid and a single output of any change. All of the intermediate steps would not enter the blockchain.
|
|
|
|
bytemaster
|
|
June 17, 2013, 08:26:58 PM |
|
Are there any developers on this thread that are interested in helping develop BitShares? If so, please contact me to discuss how you can be involved.
|
|
|
|
XertroV
Member
Offline
Activity: 88
Merit: 12
Max Kaye
|
|
June 18, 2013, 01:34:19 AM |
|
It was brought to my attention that I didn't detail the deterministic trading algorithm:
Given the set of all unspent outputs as UnspentOut Given a currency pair, say crypto-USD / BitShares. Given the same pair, find all crypto-USD issuance (short positions) and sort by margin.
Find all bids and asks and sort them.
While the HighBid >= LowAsk Average the HighBid and LowAsk to calculate the current Price if the price > margin threshold of lowest margin position match bid against margin call at Price push any left-over short position or bid to the stack else match the bid and ask at price push any left-over bid or ask to the stack.
The result of the above loop will be a single transaction of the following form:
1) all referenced bids, asks, and margin calls as inputs 2) the net result of all trades and margin calls as outputs. * note a bid may be paritial matched against 100 different asks and there would only be a single input from that bid and a single output of any change. All of the intermediate steps would not enter the blockchain.
I'm going to try and walk through the alg below, but before that, what happens when a bunch of information is published (by say a rogue miner working in secret) which pushes someone past an acceptable margin position, and data continues to flow in making the situation worse? Is this possible? Ignoring the possibility of a position requiring liquidation, is this how your alg works? Each element is volume@price (chosen pretty much randomly) Bids = [1@100, 3@99, 10@98, 1@97, 1@96] Asks = [3@101, 20@100, 2@99, 3@98, 2@97] Step No. | Action | 1 | Highest Bid = 1@100, Lowest Ask = 2@97 | 1.1 | As 100 >= 97, trade procedes | 1.2 | Average: 98.5; 1 unit traded at 98.5 | 2 | Highest Bid = 3@99, Lowest Ask = 1@97 (remainder from prev trade) | 2.1 | 99 >= 97, check; average is 98, 1 unit traded at 98. | 3 | Highest Bid = 2@99, Lowest Ask = 3@98 | 3.1 | 99 >= 98; average 98.5, 2 units traded at 98.5 | 4 | Highest Bid = 10@98, Lowest Ask = 1@98 | 4.1 | 98 >= 98; average 98, 1 unit traded at 98 | 5 | Highest Bid = 1@98, Lowest Ask = 2@99 | 5.1 | 98 < 99; NO TRADE |
At the end the order-book-thing stands at: Bids = [9@98, 1@97, 1@96] Asks = [3@101, 20@100, 2@99] Total trades: 4, volume: 5 Edit: as an aside, the pattern I've worked through above is what is used in Marketcoin (currently)
|
|
|
|
|