What exactly is the problem with a low verification time?

[MoMoneyMonetarism]

It's been explained to me elsewhere that a low verification time increases the amount of orphan blocks.
How?
Why?

Does this type of network inherently fail?
If so, why?

Are there costs associated to a cryptocoin with lots of orphan blocks?
What are they?
Why?

Are lots of orphan blocks a nuisance that clogs up miners' networks and systems, or do they actually prevent a cryptocoin from succeeding?
Why?

[desticy]

i'm not agree.

[MoMoneyMonetarism]

i'm not agree.

Please explain why.

[Anon136]

Ok so think about it this way. If it takes a few seconds to propagate a new block across the network, having a strong Internet connection may give you say a 2 second advantage. With 10 minute blocks you wouldn't think this matters but actually it does matter quite a bit. Profit is made on the margins, someones profit margin may be less than a percent. 2 seconds represents about 0.0016% of 10 minutes, meaning you get ~ a 1/10th of 1% advantage for having that faster internet connection. This could represent a 10% increase in profit. This is a very big incentive for miners to find ways to get stronger faster internet connections.

This same principal could be pushed further. Imagine if miners in one major city somewhere could purchase their own land lines and build a physical network. Or even further, what if they pool their resources to buy a facility and keep all of their mining equipment in the same large room. This is exactly the sort of centralization bitcoin is designed to avoid.

the faster the block time the more advantage you get for centralizing because think about it this way. If you have 1 minute block times a 2 second advantage nets a 3.3% increase efficiency. thats HUGE incentive to centralize if your profit margin is 1% to begin with.

anyway i know this isnt the best explanation i just hope it gives you a basic idea of the problem.

*edit* with all of that being said i do think satoshi should have chosen faster block times, 10 minutes is too long but he was just trying to play it really safe, i understand that.

[MoMoneyMonetarism]

Thank you Anon136 for that education!

OK, assuming for the purposes of this question that more centralization is not a concern or that it can be sufficiently thwarted with Peercoin's hybrid proof-of-stake/proof-of-ownership model, are there any other problems for the senders/receivers?

Does the system inherently break down because of the many orphan blocks?  I have heard this is the case but not the explanation why.

The failure of currencies such as Smallchange and Mincoin have been cited as practical examples of the limitation of high speed verification, but I can find nothing that blames the verification speed itself, only bad support or ill-prepared and ill-executed protocol updates.

Can a cryptocurrency with a high verification speed succeed in terms of security and reliability?

Also, saw some of your posts on SmallChange.  Thank you for the information!  Could you go into detail on this?  https://bitcointalk.org/index.php?topic=182430.msg1912491#msg1912491  Why do confirmations give no security at all?

Also, how is the 20%er able to create his own chain?  Won't the rest of the network see that his verifications are false?  https://bitcointalk.org/index.php?topic=182430.msg1922820#msg1922820

[Anon136]

Thank you Anon136 for that education!

OK, assuming for the purposes of this question that more centralization is not a concern or that it can be sufficiently thwarted with Peercoin's hybrid proof-of-stake/proof-of-ownership model, are there any other problems for the senders/receivers?

Does the system inherently break down because of the many orphan blocks?  I have heard this is the case but not the explanation why.

The failure of currencies such as Smallchange and Mincoin have been cited as practical examples of the limitation of high speed verification, but I can find nothing that blames the verification speed itself, only bad support or ill-prepared and ill-executed protocol updates.

Can a cryptocurrency with a high verification speed succeed in terms of security and reliability?

Also, saw some of your posts on SmallChange.  Thank you for the information!  Could you go into detail on this?  https://bitcointalk.org/index.php?topic=182430.msg1912491#msg1912491  Why do confirmations give no security at all?

Also, how is the 20%er able to create his own chain?  Won't the rest of the network see that his verifications are false?  https://bitcointalk.org/index.php?topic=182430.msg1922820#msg1922820

Ok so the extent to which peercoin still uses proof of work is the extent to which this will still be a problem. I really think sonny king should have put the phasing out of the proof of work on a hard timeline but hindsight and what not.

Ok so yea there are other problems with orphan blocks. So the bottleneck in how many transactions we can put in a block is not the block size being stored on peoples hard drives (as is the common misconception) it's how many transactions a miner can download. If we have regular orphan blocks, lets say 2/3 of all blocks a miner downloads are orphan blocks than the network can only reliably record 1/3 as many transactions as if the miner were downloading 0 orphan blocks since 2/3 of everything he downloaded is just garbage.

If you have TOO many orphan blocks than that can turn into a calamity. No miner can reasonably be expected to check all of the chains floating around so some totally honest miners would end up mining on a chain that isnt the longest because they simply hadnt checked all of the chains and hadnt located the one thats actually the longest. You could end up with a situation where honest nodes were doing the exact same thing that everyone fears dishonest nodes may do, saving up a secret chain and publishing it later. This would make confirmations unreliable, potentially even MANY confirmations could be unreliable, you could have 60 confirmations on 1 minute blocks and suddenly your client finds an even longer chain that that which was incubating hidden on some dank dark corner of the network.

Ok so about that post. Let me use an example. Imagine that we have A who is a single person and B who is a group of 10 people. Lets say they have the same hashing power. Lets say that it takes 10 seconds to propagate a block across the whole network. Lets say the block time is 20 seconds. Lets say that a is an attacker who wants to save up his own chain and publish it later inorder to double spend. A starts mining, in 20 seconds he produces his first block, 20 seconds from then he produces his second block ect... after 10 minutes he has produced 30 blocks. Now lets compare the group of 10. Group B are all honest. after 20 seconds the first block is created by B_1. B_1 publishes his block and after 10 seconds the rest of group b has the new block. They all start mining on it, after 20 seconds one of them finds the next block and he publishes it, after 10 seconds the rest of the group gets it and they start mining on it. ect... So we see that after 10 minutes group B has produced only 20 blocks. Even though group b has the exact same amount of hashing power as A they just cant compete. You can keep pushing this further. Imagine if it took 10 seconds to propagate a block across the network and the block time was 10 seconds. In this network if you had one dishonest miner with 1GH/s and 1 million honest actors with 0.75Gh/s each, his 1GH/s could over power all 1 million of them.

[MoMoneyMonetarism]

Again Anon136, thank you so much for educating me!

Ok so the extent to which peercoin still uses proof of work is the extent to which this will still be a problem. I really think sonny king should have put the phasing out of the proof of work on a hard timeline but hindsight and what not.

You think that Peercoin should be PoS instead of the hybrid PoW/PoS model (I presume) it's currently working on?  I had heard that the hybrid model was more secure.  Is that not true?  If not, could you please explain why?

Ok so yea there are other problems with orphan blocks. So the bottleneck in how many transactions we can put in a block is not the block size being stored on peoples hard drives (as is the common misconception) it's how many transactions a miner can download. If we have regular orphan blocks, lets say 2/3 of all blocks a miner downloads are orphan blocks than the network can only reliably record 1/3 as many transactions as if the miner were downloading 0 orphan blocks since 2/3 of everything he downloaded is just garbage.

Double thank you!  I had wondered if this was an issue with low transaction verification times.  Thank you so much for confirming this!

If you have TOO many orphan blocks than that can turn into a calamity. No miner can reasonably be expected to check all of the chains floating around so some totally honest miners would end up mining on a chain that isnt the longest because they simply hadnt checked all of the chains and hadnt located the one thats actually the longest. You could end up with a situation where honest nodes were doing the exact same thing that everyone fears dishonest nodes may do, saving up a secret chain and publishing it later. This would make confirmations unreliable, potentially even MANY confirmations could be unreliable, you could have 60 confirmations on 1 minute blocks and suddenly your client finds an even longer chain that that which was incubating hidden on some dank dark corner of the network.

Triple thank you!  I can't express to you my gratitude for you clearing up these issues for me with in depth explanation!  I've been trying to get to the bottom of this for days.

So the only way to be a successful miner for a low transaction time crypto is to check all available chains?

Also, if a miner was to save up and then publish the longest, is there no way to thwart this?  Could a miner only be allowed to add no more than one block to the chain in a row?  "Proof of presence" or something?   

Ok so about that post. Let me use an example. Imagine that we have A who is a single person and B who is a group of 10 people. Lets say they have the same hashing power. Lets say that it takes 10 seconds to propagate a block across the whole network. Lets say the block time is 20 seconds. Lets say that a is an attacker who wants to save up his own chain and publish it later inorder to double spend. A starts mining, in 20 seconds he produces his first block, 20 seconds from then he produces his second block ect... after 10 minutes he has produced 30 blocks. Now lets compare the group of 10. Group B are all honest. after 20 seconds the first block is created by B_1. B_1 publishes his block and after 10 seconds the rest of group b has the new block. They all start mining on it, after 20 seconds one of them finds the next block and he publishes it, after 10 seconds the rest of the group gets it and they start mining on it. ect... So we see that after 10 minutes group B has produced only 20 blocks. Even though group b has the exact same amount of hashing power as A they just cant compete. You can keep pushing this further. Imagine if it took 10 seconds to propagate a block across the network and the block time was 10 seconds. In this network if you had one dishonest miner with 1GH/s and 1 million honest actors with 0.75Gh/s each, his 1GH/s could over power all 1 million of them.

Thank you for the real world examples!  That's really the only way I can hope to understand.

Could this attack not be thwarted with PoS and "proof of presence"  as outlined above?

Can you think of any other security feature that could break this down or at least reduce the risk to some sort of tolerable level?

Thank you Anon136 for your tutelage! 

[Anon136]

The truth is i know a lot more about bitcoin than i do peercoin. So im really moving out of my comfort zone here. I'm really not sure if a hybrid model is more secure. It is my understanding that POW was used to get a reasonably homogeneous and fair initial distribution of currency and that the ultimate goal for peercoin is to eventually phase out POW entirely. Peercoin sort of relies on the idea that anyone who controls a large stake will have more to lose from a doublespend than to gain since the doublespend would reduce the value of his stake and anyone who controls a small stake will not be able to produce more than a single block at a time. Still I see some problems with this idea. What if the owner used his stake to buy a put option right after the doublespend? what if he is even more heavily invested in an alternative currency that would absorb a large portion of the capital exodus from peercoin? what if he can liquidate his stake before news spreads of the doublespend? If however peercoins security model is fundamentally sound than you should be able to get pretty fast and secure confirmations.

Also, if a miner was to save up and then publish the longest, is there no way to thwart this?  Could a miner only be allowed to add no more than one block to the chain in a row?  "Proof of presence" or something?

there would be no way to determine whether two block authors were actually the same person.

Can you think of any other security feature that could break this down or at least reduce the risk to some sort of tolerable level?

i have been thinking about this a lot and i do think i have solved the problem of waiting for secure confirmations but its rather complicated to explain here. I made a thread about it but there were some problems in my initial outline. problems that i now think i have solved. maybe ill go back and try to update this thread to reflect that fact.

https://bitcointalk.org/index.php?topic=343923.0

[samsam]

I am not convinced there is a "problem" with low confirmations times. Litecoin has a 2.5 min confirmation time and it seems to work just fine. Sure, confirmation times of less than 1 min are going to be problematic, but anything above 1 min seems fine. Thus, this talk of "problems" with low confirmation times seems academic and totally theoretical.

[MoMoneyMonetarism]

Thank you so much for continuing to help me with this Anon136!

The truth is i know a lot more about bitcoin than i do peercoin. So im really moving out of my comfort zone here. I'm really not sure if a hybrid model is more secure. It is my understanding that POW was used to get a reasonably homogeneous and fair initial distribution of currency and that the ultimate goal for peercoin is to eventually phase out POW entirely. Peercoin sort of relies on the idea that anyone who controls a large stake will have more to lose from a doublespend than to gain since the doublespend would reduce the value of his stake and anyone who controls a small stake will not be able to produce more than a single block at a time. Still I see some problems with this idea. What if the owner used his stake to buy a put option right after the doublespend? what if he is even more heavily invested in an alternative currency that would absorb a large portion of the capital exodus from peercoin? what if he can liquidate his stake before news spreads of the doublespend? If however peercoins security model is fundamentally sound than you should be able to get pretty fast and secure confirmations.

This is why I was thinking that a hybrid PoW/PoS would be superior to either/or, just to make it that much costlier for a miscreant.  

Actually, I would prefer as many valid Po's as possible.

there would be no way to determine whether two block authors were actually the same person.

Can't the same technique that verifies PoS be used for PoP?

i have been thinking about this a lot and i do think i have solved the problem of waiting for secure confirmations but its rather complicated to explain here. I made a thread about it but there were some problems in my initial outline. problems that i now think i have solved. maybe ill go back and try to update this thread to reflect that fact.

Please do!  I personally can never get enough security.

Would you mind too terribly taking a look at my post in altcoins?  My expertise lies more in economics, so your gracious advice would be invaluable!  

https://bitcointalk.org/index.php?topic=373385.msg3995296#msg3995296

[MoMoneyMonetarism]

Thank you for contributing samsam!

I am not convinced there is a "problem" with low confirmations times. Litecoin has a 2.5 min confirmation time and it seems to work just fine. Sure, confirmation times of less than 1 min are going to be problematic, but anything above 1 min seems fine. Thus, this talk of "problems" with low confirmation times seems academic and totally theoretical.

I think you can find evidence of the issues involved with a high-speed transaction crypto at the SmallChange experiment.

 https://bitcointalk.org/index.php?topic=182430.0

I do not come close to having the technical expertise to pinpoint what the problem actually was, but it does seem that some miners had the problem that Anon136 predicted.

Economically speaking, I think that the availability of instantaneous transactions are necessary for the total displacement of traditional currencies by cryptocurrencies.

I think I may have a solution to make difficulty more flexible and based upon the relative needs for speed & confidence.  I would very much appreciate your input!

https://bitcointalk.org/index.php?topic=373385.msg3995296#msg3995296

Would you mind posting a solution to this thread's problem at the highest speeds if you have one?  Thank you so much in advance!