Author Topic: Delegated Proof of Stake (DPOS) White Paper by Daniel Larimer  (Read 9946 times)
CLains
April 05, 2014, 12:22:13 PM
 #1

Delegated Proof-of-Stake (DPOS)
by Daniel Larimer
April 3, 2014

Abstract


This paper introduces a new implementation of proof of stake that can validate transactions in seconds while providing greater security in a shorter period of time than all existing proof of stake systems. In the time it takes Bitcoin to produce a single block a DPOS system can have your transaction verified by 20% of the shareholders and by the time Bitcoin claims the transaction is almost irreversible (6 blocks, 1 hour) your transaction under DPOS has been verified by 100% of the shareholders through their representatives.

http://107.170.30.182/security/delegated-proof-of-stake.php

Daniel "bytemaster" Larimer is answering technical questions in this thread.
muddafudda
April 05, 2014, 01:28:58 PM
 #2

A paper justifying a 100% premine. Honestly?

solaaire
April 05, 2014, 06:45:20 PM
 #3

Sounds great on paper - hoping to see it implemented somewhere soon!

Quick question: what prevents Ripple from utilizing DPOS to generate future unique node lists?
l4p7
April 05, 2014, 08:16:00 PM
 #4

A paper justifying a 100% premine. Honestly?

You didn't read it. This is not about coin distribution but about payment verification.
CLains
April 06, 2014, 12:01:50 PM
 #5

Sounds great on paper - hoping to see it implemented somewhere soon!

Quick question: what prevents Ripple from utilizing DPOS to generate future unique node lists?

I quoted you on the bitsharestalk forum and Daniel "bytemaster" Larimer and delulo replied,

From bitcointalk, https://bitcointalk.org/index.php?topic=558316.msg6086884#msg6086884

Sounds great on paper - hoping to see it implemented somewhere soon!

Quick question: what prevents Ripple from utilizing DPOS to generate future unique node lists?

Nothing prevents Ripple from doing this..

The difference is: It wouldn't make much of a difference towards the current state of ripple because they control more than 50% of the money supply anyway... The more distributed BTS are the more decentralized it is!!

Inside Ripple the 90% are divided among many players..... so it may still be of some use to them... especially if they ever want to sell.

Good point. But the potential for collusion is still higher than with BTS shareholders...

Join the discussion here https://bitsharestalk.org/index.php?topic=4009.0 :)
benjyz
April 23, 2014, 09:52:41 PM
 #6

Interesting stuff. I wish the altcoin forum structure would be such that good posts are highlighted.

How does this approach tie in with the following statement?

Quote
The future of currency is not shares in decentralized companies such as Bitcoin, but instead in assets issued by these companies that have the price stability of the dollar, gold, or silver.
clout
April 25, 2014, 12:24:50 AM
 #7

Interesting stuff. I wish the altcoin forum structure would be such that good posts are highlighted.

How does this approach tie in with the following statement?

Quote
The future of currency is not shares in decentralized companies such as Bitcoin, but instead in assets issued by these companies that have the price stability of the dollar, gold, or silver.

right now we are using shares in a decentralized company as currency because they are a good medium of exchange simply by virtue of their digital nature. the point of bitcoin (the network) is to provide a better currency, so shouldn't these decentralized companies do just that? currencies that are not beholden to inflation or price instability. essentially they are financial instruments of the client's choosing. this is what bitshares x (the decentralized autonomous bank and exchange) allows. individuals can use this bank to acquire assets that maintain the purchasing power of any asset that you can think of. the bank holds at least 200% reserve for all the debt that it issues, so there is no possibility of default. everything within the system is collateralized and accounted for with the bank's shares. as the bank's market cap increases it can issue more debt, but it can only do so in accordance with the rule that debt can only be issued with 200% collateralization.
AnonyMint
May 02, 2014, 01:42:25 AM
 #8

It is time to squash Proof-of-Stake once and for all. It can NEVER remain decentralized. Satoshi's Proof-of-Work is the only known solution to the Byzantine General's Problem (was a known unsolved problem since at least the 1970s).

Apologies I've been busy and hadn't had time to squash bytemaster's latest N.A.O.D. (nonsense algorithm of the day).

First of all, he never was able to address the issues I raised about Transactions as Proof-of-Stake quoted as follows.

This proposal appears to be flawed, unless I am missing something. I have only read the first 4 pages thus far.

1. You propose to decrease the coin rewards as coin-days-destroyed volume increases, so this makes it less costly for an attacker to obtain > 50% of the hash rate assuming the attacker includes all the transactions. You apparently are attempting to imply there is no useful attack to do if the attacker is including the most coin-days-destroyed? Please confirm or deny then I will dig into more analysis of this vector.

2. Also how do you choose between someone who generates a proof-of-work hash with lower coin-days-destroyed several times sooner than the network propagation delay versus another who generates it that much delayed with a higher coin-days-destroyed? If you choose the latter, then you've killed the proof-of-work incentive because it means it will always pay to be later and wait for more transactions to arrive.

3. You claim to defeat my Transactions Withholding Attack, by blacklisting those who send blocks with transactions that were not recently seen by all miners. I retorted against this recently. This centralizes the network (all for one and one for all outcome) by requiring every miner to be responsible for the incoming network connectivity of other miners. And it centralizes the network in other ways, such it can't tolerate a temporary partitioning of the network due to connectivity outages.

P.S. By coin-days-destroyed, I assume you mean coin value x days, otherwise you would motivate proliferation of dust.

The most significant flaw of any proof-of-stake system and any system that diminishes coin rewards, is it can't distribute currency from the hoarders to the users of the currency, thus it will end up with the hoarders (the banksters) accumulating all the coin and the currency usage dying.

This is because the wealthy spend a much lower % of their net worth than the masses do.

[snip]

Whereas those who actually mine are proactively using their time, ingenuity, initiative and capital to secure the network, thus it seems more capitalistic they should receive the redistribution from the hoarders. Besides it may beis the only viableplausible way to secure the public ledger.

The other attacks you describe all derive from the fundamental reason I declared all non-proof-of-work systems to be insecure back in April.

My logic was mathematically fundamental. The input entropy set is quite deterministic and well known and thus can be preimaged. For example, accumulating a lot of coin-days-destroyed and then targeting them in clever ways to subvert the security.

The randomness (entropy) of each proof-of-work is fundamental and mathematical and it can not be preimaged. It can only be surely defeated with > 50% of the network hash rate. Note I recently offered what I believe to be a solution to the selfish-mining attack (the one at hackingdistributed.com that claims 25 - 35% attack).

I am skeptical that you can characterize all possible attack vectors of proof-of-stake in one coherent mathematical proof. Thus you will not know formally what the security is; instead a list of adhoc attacks and counter-measures.

[snip]

Edit: Perhaps coin-days-destroyed in some attack vectors motivates not transacting for long periods of time.



The bottom line is that no proof-of-stake system can ever remain decentralized.

They all will require some sort of delegation of reputation to achieve consensus. I would have to go through a laundry list of examples to cover all the cases. For example, in Transactions as Proof-of-Stake it is required to delegate trust of propagation to the other nodes as I explained above. Thus there needs to be some reputation system to enforce this, e.g. blacklisting, whitelisting, etc.. All the other proof-of-stake systems have a requirement for some form of delegated reputation.

I have many times explained to bytemaster and others the fundamental problem is that any system that attempts to replace proof-of-work will rely on some form of reputation, and reputation is centralization. And centralization is precisely what decentralized crypto-currency is not supposed to be because centralization will always end up controlled and manipulated (i.e. it is a fiat system).

Trust is orthogonal to reputation and centralization. I can trust Proof-of-Work, which is decentralized trust without reputation. Reputation isn't needed in Proof-of-Work, because the input entropy is fresh (can't be preimaged) on every new TB.

You can 75% attack it if you like, but your nodes won't have any trust, so that block chain will just be ignored.

(In any non-Proof-of-Work design, ) It is mathematically impossible for there to be external consensus trust of the honest chain if the dishonest chain is controlled by more than 51% of the peers. We've covered some of the scenarios upthread, and it always boils down to that the external viewers can not know who to trust except by trusting the majority of peers.

The only mathematical way around this is to centralize the network, by placing more trust in some peers than others over time.

Indeed long-term reputation is a mathematically viable alternative to Proof-of-Work. This is centralization. There are tradeoffs.

So this is not "7 billion individually watching the network", but rather a fewer # of peers with reputation being trusted. This is just the political power vacuum all over again with its contingent problems of vested interests Olsen power scramble:

https://bitcointalk.org/index.php?topic=226033 (No Money Exists Without the Majority)

Notwithstanding the above, any non-Proof-of-Work system can be attacked with much less than 51% of the peers, due to the fact that the input entropy is preimageable, as I explained upthread. Again the only way to work around this is to trust some established peers to guard against this.

Financial transactions must be recorded in a public or private ledger trusted by both the spender and the recipient, otherwise funds could be unspent or double-spent to a plurality of recipients. To provide a ledger that can't be captured, Satoshi described a proof-of-work (PoW) scheme where transaction peers communicating over the network compete to be the first to solve a computational puzzle which is unique for each block of transactions added to a public ledger. The security of this ledger against double-spends has three (3) essential requirements.

1. The computational puzzle can't be preimaged, i.e. nothing can be known about solving the puzzle until the prior block's puzzle is solved.

2. Without at least 50% of the aggregate computational power of all transaction peers, it is not possible to create a modified chain of blocks starting from any present or past block, which would contain more blocks than the block chain controlled by the remaining cooperating peers. Thus the longer chain is trusted.

3. The block chain is cryptographically linked in forward order, such that the historical proof-of-work and transactions can be independently verified at any time in the future. Thus the transaction peers may leave and rejoin the network at will without need for a trusted centralized storage.

Note security point #1 eliminates from consideration PoW schemes in which the puzzle is some real-world computational work because the puzzles are known a priori and are thus pre-imageable. Non-PoW voting and membership schemes disqualify because the ordering of designation of authority (to decide which transactions are in each block) to transaction peers is pre-imageable, or requires peers trusted by reputation which is centralizing on a slippery slope towards Olsen capture.

You must also consider the negative impacts of design features when you state the positive impacts.

Reputation has many downsides:

a. It can be stolen, e.g. threaten first to extort private key, then kill, and keep key.
b. Censorship based on metadata which doesn't always correlate rationally.
c. Discriminate against early adopters out of jealousy, i.e. retribution for #b.
d. Regulatory authorities can require the BitName same as they now do Social Security # and Id. They can now establish the BitName is real, because it has (duration) reputation.

The high cost to transfer or revoke a name also has many downsides, e.g. see #d.

I am thinking the pool operator (server) does so little relative to work of the pool miners that it doesn't need to charge a very high fee. Thus there isn't much ability (incentive for pool miners) to undercut competitors based on fee.

So there just needs to be a slightest incentive to encourage pool miners to seek out another pool as a pool grows large. This will encourage a proliferation of pools.

How do pool miners know that a pool server isn't cheating them by paying some of the earnings to themselves pretending to be a pool miner?

Go down that line of thought and you will discover what I am thinking.

The only way you can prove a pool isn't cheating is by estimating the hash rate of the pool and comparing it to the number of blocks found.  Unfortunately, you could probably still skim a couple of a percent this way.

Modern protocols (GBT & Stratum) both have the full coinbase transaction visible to the miners, meaning you can verify that the block being built will be paid to a certain address or has a certain message encoded in the block that identifies the pool.  This allows you to audit if the pool is trying to skim blocks if certain users start seeing work without a coinbase message that identifies the pool.  In the case of BTC Guild, it's both, they always pay to the same address and always include "Mined by BTC Guild" in the coinbase message.

It's not no-trust, but all it would take is a few % of users monitoring this to determine if a pool was trying to skim blocks by sending a certain % of work that doesn't include identifying marks.

How could anything less than 100% of the pool miners know if some of the coinbase transactions were to addresses not owned by pool miners who contributed shares?

Since you can never know if you are the 100% (because mining pool shares* are not recorded in the block chain), thus seems to me there is no way to verify if there is skimming or not, as bytemaster and I wrote.

*For those who don't know the terminology, a pool share is a proof-of-work hash below some threshold that is easier than the current network difficulty. It might also be a block solution.

Why don't you just use P2Pool? Is there any reason?

I was waiting for bytemaster to answer because I wanted to know his thoughts. Seems to me that you have no way to stop the Share Withholding Attack since it is decentralized. And every peer has to run more of a full client if I am not mistaken. And there is a lot more overhead I believe. And perhaps also much less resistance against denial-of-service flooding. Frankly I didn't analyze for long enough to be very sure of my initial intuition which is to stay away from it.

I know it is generally impossible to enforce reputation on a 100% decentralized system. So I am intuitively skeptical of P2Pool.

P.S. I won't have time to go back here and debate. I am technically qualified and I am 100% sure I am correct.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
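
Added example (not part of the thread and not any poster's code): the post above quotes the claim that a pool can only be audited by comparing its estimated hash rate with the number of blocks it finds, and that a couple of percent could still be skimmed this way. The Python below checks that claim with a Poisson model; the 25% share, the block counts and the significance thresholds are constructed assumptions.

```python
import math


def poisson_lower_tail(k, lam):
    """P[X <= k] for X ~ Poisson(lam), summed in log space to avoid overflow."""
    if k < 0:
        return 0.0
    log_terms = [i * math.log(lam) - lam - math.lgamma(i + 1) for i in range(k + 1)]
    m = max(log_terms)
    return min(1.0, math.exp(m) * sum(math.exp(t - m) for t in log_terms))


def audit_pool(claimed_share, network_blocks, pool_blocks, alpha=0.05):
    """One-sided test: did the pool report fewer blocks than its hash rate implies?

    claimed_share  - pool's fraction of network hash rate (assumed known and
                     constant; in practice it is itself an estimate from shares)
    network_blocks - blocks found by the whole network in the audit window
    pool_blocks    - blocks the pool credited to its miners in that window
    """
    expected = claimed_share * network_blocks
    p_value = poisson_lower_tail(pool_blocks, expected)
    return {"expected": expected, "p_value": p_value, "suspicious": p_value < alpha}


def blocks_needed_to_detect(skim, z_alpha=1.645, z_beta=0.0):
    """Expected honest block count needed before a skim fraction stands out.

    Normal approximation to the Poisson: the shortfall skim*lam has to exceed
    z_alpha*sqrt(lam) + z_beta*sqrt(lam*(1-skim)). z_alpha=1.645 is a 5%
    false-alarm rate; z_beta=0 means the audit catches the skim half the time.
    """
    root = (z_alpha + z_beta * math.sqrt(1.0 - skim)) / skim
    return math.ceil(root * root)


if __name__ == "__main__":
    # Constructed scenario: a pool with 25% of the hash rate, audited over
    # four weeks of blocks (4032 network blocks, 1008 expected for the pool).
    for label, found in (("2% skim", 988), ("20% skim", 806)):
        result = audit_pool(0.25, 4032, found)
        print(label, "p-value=%.3g" % result["p_value"],
              "suspicious" if result["suspicious"] else "not distinguishable from luck")

    # How long an auditor must watch before each skim level becomes visible.
    for skim in (0.02, 0.20):
        need = blocks_needed_to_detect(skim)
        days = need / (0.25 * 144)  # 144 network blocks per day, 25% share
        print("skim %.0f%%: about %d pool blocks (%.0f days at 25%% share)"
              % (skim * 100, need, days))
```

Under these assumptions a 2% skim stays inside normal block-finding variance for months, which is why the quoted coinbase check (every work unit paying the pool's known address and carrying its identifying message) is the more practical audit.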
clout
May 02, 2014, 02:00:52 AM
 #9

the very point of dpos is to centralize for the purpose of specialization, which allows for faster block times and confirmations and also allows for scalability on the level of visa's 10,000 tps payment processor. the system is still decentralized in that there is no one point of failure and there is no one point of control. delegates have a simple job and can be fired on command if they do not perform their duties. consensus on a whole is reached by each individual stake holder, whereas in pow only hashing shares contribute to network consensus.

What makes you so technically qualified?
Voluntold
May 02, 2014, 03:59:12 AM
 #10

I skimmed through and all I had to see was 'reputation is centralization'.... No it's not.  A reputation system is not what led to fiat money.  That's ridiculous.  Please explain to me how a reputation system would lead to manipulation??? Ebay seems to be doing fine. 

Nxt:  NXT-5BHG-9VRE-QGW6-DRZVQ
kongdezhong
May 02, 2014, 07:35:25 AM
 #11

I skimmed through and all I had to see was 'reputation is centralization'.... No it's not.  A reputation system is not what led to fiat money.  That's ridiculous.  Please explain to me how a reputation system would lead to manipulation??? Ebay seems to be doing fine. 

Same question with you. Want an explanation.

Footballcoin:FqNRhUdyagmr28HcPjCVxMpp8ZrBbxEW92
benjyz
May 02, 2014, 10:17:34 AM
 #12

right now we are using shares in a decentralized company as currency because they are a good medium of exchange simply by virtue of their digital nature. the point of bitcoin (the network) is to provide a better currency, so shouldn't these decentralized companies do just that? currencies that are not beholden to inflation or price instability. essentially they are financial instruments of the client's choosing. this is what bitshares x (the decentralized autonomous bank and exchange) allows. individuals can use this bank to acquire assets that maintain the purchasing power of any asset that you can think of. the bank holds at least 200% reserve for all the debt that it issues, so there is no possibility of default. everything within the system is collateralized and accounted for with the bank's shares. as the bank's market cap increases it can issue more debt, but it can only do so in accordance with the rule that debt can only be issued with 200% collateralization.

the big problem here is: shares, assets, instruments are legal terms. but we're not talking about transactions within jurisdictions, but in cyberspace. that is a HUGE difference, and very few people understand this. which is quite amazing really, because it should be obvious that these terms just don't apply in the same way. so bitshares don't have the legal system under them, which makes them ineffective. the same applies to pretty much all non-ecash efforts.
r0ach
May 02, 2014, 12:02:25 PM
 #13

the big problem here is: shares, assets, instruments are legal terms. but we're not talking about transactions within jurisdictions, but in cyberspace. that is a HUGE difference, and very few people understand this. which is quite amazing really, because it should be obvious that these terms just don't apply in the same way. so bitshares don't have the legal system under them, which makes them ineffective. the same applies to pretty much all non-ecash efforts.

This is exactly how I've felt when reading all protoshares/invictus/etc stuff in the past.  I mean, anything can happen, and it's possible they could make some of this stuff work, but why rely on colored coins when you can rely on authoritarianism and men with guns.

flis1986
May 02, 2014, 12:41:27 PM
 #14

Thank you.
Very interesting article !
Spoetnik
May 02, 2014, 12:47:41 PM
 #15

i like my white papers beige :(

FUD first & ask questions later™
Spoetnik
May 02, 2014, 12:48:50 PM
 #16

A paper justifying a 100% premine. Honestly?

i literally just ROFL'd so hard i thought i was going to choke to death ahhahhahahaa

FUD first & ask questions later™
benjyz
May 02, 2014, 01:23:51 PM
 #17

This is exactly how I've felt when reading all protoshares/invictus/etc stuff in the past.  I mean, anything can happen, and it's possible they could make some of this stuff work, but why rely on colored coins when you can rely on authoritarianism and men with guns.

yes, that's complicated. the spectrum between cypherpunks and free market capitalists is pretty wide. certainly a bunch of people in N jurisdictions have not the power to incorporate whatever legal entity they want. corporations and states are deeply coupled. corporations have become state-like entities, playing the game of jurisdiction arbitrage and leveraging their power through all kinds of venues, see the recent global trade agreement and the off-shore markets.
AnonyMint
May 02, 2014, 08:51:35 PM
 #18

clout and Voluntold, you need to study the three validity tests for the Byzantine Generals Problem and understand at a very deep level what proof-of-work solves.

It is not possible to just centralize a subset of the system, because the security and game theory of the system is pre-imageable and manipulable from that subset, thus there is no subset (it is not containable).

The word 'reputation' in this context means any attribute you want to associate with a node in the network. Proof-of-work avoids the need for any persistent attributes, thus centralization does not need to be contained in a subset, because there isn't any centralization subset because there is no attribute that has to be validated.

Think about the Byzantine problem in another abstract way. There can't exist a tally of votes without agreeing who will validate and count the votes (unless perhaps using some group signature algorithm, however these are always two-steps and thus are subject to denial-of-service). Yet who ever is trusted to count the votes, can now game the entire system.

Any reputation attribute metastasizes to centralized game theory.

Sorry. End of story. High IQ abstraction complete.

...delegates have a simple job and can be fired on command if they do not perform their duties...

No they can't be fired in all possible game theory scenarios. Devil is in the details. I could spend my entire life doing adhoc analysis of every new N.A.O.D.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
clout
May 02, 2014, 10:32:50 PM
 #19

right now we are using shares in a decentralized company as currency because they are a good medium of exchange simply by virtue of their digital nature. the point of bitcoin (the network) is to provide a better currency, so shouldn't these decentralized companies do just that? currencies that are not beholden to inflation or price instability. essentially they are financial instruments of the client's choosing. this is what bitshares x (the decentralized autonomous bank and exchange) allows. individuals can use this bank to acquire assets that maintain the purchasing power of any asset that you can think of. the bank holds at least 200% reserve for all the debt that it issues, so there is no possibility of default. everything within the system is collateralized and accounted for with the bank's shares. as the bank's market cap increases it can issue more debt, but it can only do so in accordance with the rule that debt can only be issued with 200% collateralization.

the big problem here is: shares, assets, instruments are legal terms. but we're not talking about transactions within jurisdictions, but in cyberspace. that is a HUGE difference, and very few people understand this. which is quite amazing really, because it should be obvious that these terms just don't apply in the same way. so bitshares don't have the legal system under them, which makes them ineffective. the same applies to pretty much all non-ecash efforts.

shares, assets etc. are not legal terms they are economic terms that have nothing to do with governments or jurisdictions except that governments attempt to regulate their exchange. these terms do not apply in the same way because the legal ramifications do not apply, but the economic consequences do. this is why bitshares is better than bitcoin and all 2nd generation crypto systems, because it is supported by sound economics.

also what is a non-ecash effort?
clout
May 02, 2014, 10:34:14 PM
 #20

the big problem here is: shares, assets, instruments are legal terms. but we're not talking about transactions within jurisdictions, but in cyberspace. that is a HUGE difference, and very few people understand this. which is quite amazing really, because it should be obvious that these terms just don't apply in the same way. so bitshares don't have the legal system under them, which makes them ineffective. the same applies to pretty much all non-ecash efforts.

This is exactly how I've felt when reading all protoshares/invictus/etc stuff in the past.  I mean, anything can happen, and it's possible they could make some of this stuff work, but why rely on colored coins when you can rely on authoritarianism and men with guns.

this doesn't rely on colored coins...