A programmable blockchain is of course very exciting for any programmer. But as I wrote in a prior post of your thread, Ethereum has a fundamental error in their design—every node in the consensus network recomputes the script to verify it. That is the antithesis of decentralization. They will need centralized censorship and a script whitelist, or a cap on script computation bandwidth. No peers can opt out of that computation, so the network computation bandwidth is limited to the weakest CPU peer. SNARKs technology is a potential solution, but it is not yet a realizable solution and may never be.
IMO, that is just dumb.
Vitalik has produced other dumb designs too (I guess we all have at one time or another). Originally Charles asked me before he started to work with Vitalik about Vitalik's original whitepaper (before Ethereum) PoW algorithm and I blew holes in it, which have since been publicly admitted by Vitalik. Vitalik is math smart (smarter than myself), but appears to be common sense dumb. Typical geek trade-off.
I had proposed months ago that a more decentralized solution for a programmable block chain is to let each script be an orthogonal merge mined block chain. So then consensus network peers can opt in and out. This also allows more competition on the design of the scripting language. The disadvantage is you just can't inject your script and have it run (need to convince peers to run it) unless that chain runs a scripting language that has a cap on script computation bandwidth (i.e. just like Ethereum with the advantage of competing merge mined block chains). In my proposal the maximum cap could be specified per block chain, so only peers with sufficient CPU power would mine it.
>Vitalik has produced other dumb designs too
Yes. He needs another ten years of experience. You learn over time to simplify things and not do as much as you are able to. Perspective in software architecture and design takes decades until you start producing iPhone level elegance in design.
The decision to implement the coin in twenty different programming languages is just a waste of resources.
Bitcoin and Skycoin have their own organizational problems, so expecting ETH to be perfect is unreasonable. I think they are doing a good job.
Organizational issues are, however, easier to fix than design issues. Organization can be fixed by bringing people on, but design relies on perspective, inspiration and experience. Organization is more fungible than design knowledge, which cannot even be bought but must be learned through self-investment and is painstaking.
>I had proposed months ago that a more decentralized solution for a programmable block chain...
Each person has their own personal blockchain. They sign the blocks with their private key. Other peers record the blocks peer-to-peer so everyone knows if there are two blocks at depth-N and if someone tries to backdate a block. You don't need mining or even consensus.
Code:
- setting up personal blockchain, writing data to it
-- https://github.com/skycoin/skycoin/blob/master/src/aether/example/chain/main.go
-- https://github.com/skycoin/skycoin/blob/master/src/aether/hashchain/chain.go
That is a full personal blockchain implementation in 160 lines of code. You can put ETH script or anything you want that can be serialized as bytes into your blocks. We will have peer-to-peer blockchain replication in six lines of code, after the new merkle-dag libraries are done.
>turing complete
Choose a virtual machine. Take a program, the program hashes to H1. Take data, which hashes to H2.
H1(H2), H1 (function applied to data, producing output data H3). Programs are hashes. Data is hashes. The output of a function is data described by a hash.
You do not need a total ordering of transactions. You only need a partial ordering. This means that peers can actually discard the transactions/computations that are irrelevant to them. They would only grab them when they needed them.
You do not need consensus on the whole transaction set. Bitcoin's consensus mechanism is very coarse, a total ordering. Distributed computation does not require a scarce, finite asset like Bitcoin.
Scarce finite asset, is just asset with rule "can't use same input twice". So you have to know if an input has been used previously in computation in network (requiring whole transaction history or set of the global state of the distributed computer). The distributed computer only becomes tractable and scales over millions of CPU nodes and makes sense mathematically if it is "local" and not "global". That means each node has a subset of the directed acyclic graph of computations.
There is a bipartite directed acyclic graph.
- "Outputs" created and consumed by computations are square nodes.
- Computations or transactions are circle nodes.
- If a computation consumes an output, there is an arrow from the square node to the circle node.
- If an output is created by a transaction/computation there is an arrow from the transaction to the outputs it creates.
In Bitcoin there is a ledger and Bitcoin is based upon a deed system of real estate. Skycoin is based upon a triple entry accounting Torrens title or deed registration system.
In Bitcoin, you have to go back to go prove the whole chain of transactions going back to genesis, proving ownership and that the block
Every single problem with Bitcoin ownership, double spending consensus, was already solved hundreds of years ago in the development of real estate property law.
- http://en.wikipedia.org/wiki/Estoppel_by_deed
- what prevents double spending of real estate? What prevents me from selling the same piece of land to two different people?
The bridge between local and global is time stamping. You do not actually need a block chain at all. You only need to determine consensus on
- whether an output has been spent in the past
- if two or more computations have spent an output, then determine which one came first (the valid one)
You don't need mining at all. For instance, you and the receiver can designate a mutually agreed upon merkle-hash/hash-chain timestamping authority and require a time stamp for the transaction. You include the time stamp from the authority with the transaction. Anyone can go back to beginning of asset and independently verify property claim chain. If there are two claims for transfer, the one with the earliest time stamp is valid.
Deed registration is time stamping. It is creating a total ordering on transaction existence (transfer of assets).
If you are dealing with transactions across different causal regions at a space-like separation, then you end up with vector clocks. There is a partial ordering, not a total ordering over events/transactions/deed registrations/timestamps.
Bitcoin is actually incompatible with the physics of our universe. It only works because earth is small compared to the speed of light. 0.2 light seconds distance across the surface of the sphere. This time is small enough compared to the consensus time to create the illusion of a total ordering of events in time. If you had Bitcoin miners on Mars and Jupiter or another star system, then proof-of-work cannot enforce digital property rights. If the separation between the miners is more than 5 light minutes, then the orphan rate hits the maximum. Consensus is not achieved. If Earth has more hashing power than Jupiter, then 100% of every block mined on Jupiter gets orphaned because of light propagation speed/latency.
Skycoin consensus is currently using a total ordering (for now) and consensus time actually increases with the latency of signal propagation across the causal region containing the consensus nodes.
To be compatible with space-like separation between the consensus nodes, you need to define a partial ordering over transactions (vector clocks) instead of a total ordering like Bitcoin. If Elon colonizes Mars, the Martian Bitcoin miners are going to drive up the Bitcoin orphan rate or the blocktimes will need to be increased even higher.
Bitcoin is not the only model for decentralized systems of ownership and transfer of digital property. It is not the final system. It is not the best system. It is a prototype first gen system.
Once you start doing consensus on the partial ordering on the transactions you begin to see that the bipartite directed acyclic graph of transactions (consume outputs, create outputs) and outputs is the fundamental structure, not the blockchain. You begin to see that the blockchain is just a very special case of a more powerful and general mathematical structure.
People are still obsessed with the blockchain. It took them five years to even understand the blockchain and see its other applications, but what comes after the blockchain is something so powerful and general, that it will take decades for the full impact on civilization to be felt. The mathematical structure that generalizes the blockchain consensus to consensus on partial orderings, to me personally appears to be on the magnitude of the laser, invention of fire or the internet itself. This is the god tier for distributed computation.
The direction of time is enforced, because of time stamping/registration and because you cannot go back and change transactions without a private key used in the inputs for the transactions. This is a weak condition. There is a stronger "compression" function type system, that takes N inputs, destroys them and creates new outputs. It allows pruning of trees of transactions leading to inputs consumed in the compression function. This is a "checkpoint system".
These "Compression functions" destroy history or allow you to forget state. They compress in the sense of destroying bits from the state or history set, to prevent it from growing infinitely. In Bitcoin these types of compression functions would allow duplicate coinbase outputs, unless constructed correctly. A system for data and distributed computation looks different than the bitcoin system, which is designed to enforce property claims on finite resource tokens.
Feynman has something about this, in ASICs, about increase in entropy and heat creation when you clear bits or set them to zero in an ASIC circuit vs reversible computations. I don't know if there is a thermodynamic analogy. There are certain operations that "wipe bits" and allow you to forget transaction history. There are operations that increase the size of dataset and create data that must be remembered and operations that allow you to wipe out old history and just forget it.
This means tracing outputs back to the last "compression function" event they were passed through, instead of needing to go back and trace the deed of the output, back to genesis.
The "compression functions" correspond to a bitcoin like, total ordering of consensus. However, the system still allows the partial ordering systems (these are roughly side chains). The bitcoin community has a path dependency and is redeveloping the same technology, but from a sidechains/colorcoins angle, instead of looking at the underlying mathematics.
There is no "intersection" operator between blockchain forks. There is an intersection operator on the bipartite transaction/output graph and partial ordering on the transaction set. This means that two nodes can disagree and not have global consensus but they can still achieve consensus on non-contentious sub-graphs of the bipartite transaction/output graph.
Global consensus is much more difficult than local consensus. Some forms of local consensus lead to global consensus naturally.
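
The personal chain described in the post (blocks signed with the owner's private key, peers recording them and noticing two blocks at the same depth), as an added Go example that is not part of the post and is not Skycoin's code. The block layout and the names `Block`, `Append` and `Record` are hypothetical, and the key is generated on the spot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Block is one signed entry of a personal chain (hypothetical layout, not Skycoin's).
type Block struct {
	Depth     uint64
	Prev      [32]byte // hash of the previous block
	Data, Sig []byte   // Sig covers depth, parent hash and data
}

// signedBytes is the byte string the owner signs: depth, parent hash, then data.
func (b Block) signedBytes() []byte {
	return append([]byte(fmt.Sprintf("%d|%x|", b.Depth, b.Prev)), b.Data...)
}

func (b Block) Hash() [32]byte { return sha256.Sum256(append(b.signedBytes(), b.Sig...)) }

// Append signs a new block on top of prev (nil starts the chain).
func Append(priv ed25519.PrivateKey, prev *Block, data []byte) Block {
	b := Block{Data: data}
	if prev != nil {
		b.Depth, b.Prev = prev.Depth+1, prev.Hash()
	}
	b.Sig = ed25519.Sign(priv, b.signedBytes())
	return b
}

// Record is what a replicating peer runs on every block it receives from owner.
func Record(seen map[uint64]Block, owner ed25519.PublicKey, b Block) string {
	old, dup := seen[b.Depth]
	switch {
	case !ed25519.Verify(owner, b.signedBytes(), b.Sig):
		return "bad-signature"
	case dup && old.Hash() != b.Hash():
		return "equivocation" // two validly signed blocks at one depth
	}
	seen[b.Depth] = b
	return "ok"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	seen, g := map[uint64]Block{}, Append(priv, nil, []byte("genesis"))
	fmt.Println(Record(seen, pub, g), Record(seen, pub, Append(priv, nil, []byte("fork"))))
}
```

The two conflicting blocks are both validly signed, so a peer that keeps them holds evidence of the fork that anyone with the owner's public key can check.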