|
SlipperySlope
|
 |
August 19, 2014, 04:09:50 PM |
|
SlipperySlope and anyone else who has an interest in PoS: What are you opinions on this DPoS? Is this the holy grail that people have been waiting for? I thought Vitalik was a PoW hardliner. So I was a bit surprised to read this. I shared a conference call with Daniel Larimer, listening to progress on DPOS and explaining my own work. I commend Dan and his team. My greatest interest in DPOS is not how they secure the blockchain but rather the Distributed Autonomous Corporation, which I believe can be implemented in my Texai cognitive architecture. As I consider the design of my own work, I see less reliance on proof-of-stake as a method to secure the blockchain, and much more emphasis on traditional financial software techniques. CPOS will have a single mint agent that migrates over a network of paid full nodes, creating new blocks without effort, and whose results are verified by other agents that replicate and verify the canonical blockchain. My approach is much less complicated than reinventing Satoshi's design from scratch. I merely encapsulate bitcoind and control what nodes it connects with, and give one of them at a time permission to generate the block. I plan to fork the most popular PoW coins Bitcoin, Litecoin, Dogecoin and Namecoin on separate networks with separate branding - CPOS-B, CPOS-L, CPOS-D and CPOS-N respectively. To buoy prices, I would allocate a modest portion of the block rewards as dividend payments proportional to unspent transaction outputs. The remainder of the block reward finances generous support of full nodes and developers. The extreme low costs of CPOS with regard to PoW - which consumes the entire block reward, allows CPOS to offer 100x lower transaction fees. That feature, together with modest dividends and immediate acknowledgement of accepted transactions, should entice users to migrate over to CPOS from the PoW networks. All they need to do is configure new seed node addresses on their wallets and services. Their pre-fork coins will be present for spending. |
|
|
|
|
|
AnonyMint
|
|
August 19, 2014, 04:44:21 PM |
|
That is true, but you and I are resigned in the knowledge that a purpose-built device will always be able to outperform a general purpose device, even if the cost of that purpose-built device is fiscally prohibitive. Thus, the gap cannot ever truly be closed, in the truest sense of the word. Thankfully, this is clarified somewhat: "It is appropriate that some users can have a certain advantage over others, but their investments should grow at least linearly with the power."
Vitalik is trying to get his PoW to use the general purpose computations from the contracts to prove that they are running CPU's. I am not sure how far he is along with this idea, because the latest is that he is considering this new dPoS thing. But if he uses PoW and uses the turing complete contracts as proof for the PoW then a cpu would be the optimal hardware for mining, because an ASIC for Ethereum would simply be a better CPU, and then you're up against Intel. Of course, his ideas might not be possible, which is why they still have no mining algorithm. It won't help them for at least three reasons. 1. The most used contracts must be put on ASICs to get scaling, because Moore's Law is ending (unless POET rescues it), i.e. they will force more centralization of mining not less. 2. Algorithms aren't fungible. 3.  |
|
|
|
|
btc-mike
|
|
August 19, 2014, 04:47:39 PM |
|
I'm sure there will be pushback on these as there was to the others, but kudos to him and the Boolberry team for putting it out there for others to read, steal from, and criticize. (Disclaimer: I looked at an earlier draft of this one and provided some minor writing feedback. I'm not an author of it and am not part of the BBR team.)
Busy reading through it - he leads into it with a huge fallacy that is either incredibly naive or very disingenuous of him. When describing CryptoNight he states: "These constraints were supposed to protect hash from GPU and ASIC implementation" [sic]. Literally the first paragraph in the CryptoNote whitepaper that describes the PoW algorithm says: "Our primary goal is to close the gap between CPU (majority) and GPU/FPGA/ASIC (minority) miners. It is appropriate that some users can have a certain advantage over others, but their investments should grow at least linearly with the power. More generally, producing special-purpose devices has to be as less profitable as possible." Misrepresenting the facts of the matter in a whitepaper, purposely or not, is unconscionable. Unconscionable? The way you over react to anything negative (real or perceived) about your adopted cryptocurrency bemuses me. This was included in the original post: I even left the typos  |
|
|
|
|
|
Vanderi
|
|
August 19, 2014, 04:58:52 PM |
|
I'm sure there will be pushback on these as there was to the others, but kudos to him and the Boolberry team for putting it out there for others to read, steal from, and criticize. (Disclaimer: I looked at an earlier draft of this one and provided some minor writing feedback. I'm not an author of it and am not part of the BBR team.)
Busy reading through it - he leads into it with a huge fallacy that is either incredibly naive or very disingenuous of him. When describing CryptoNight he states: "These constraints were supposed to protect hash from GPU and ASIC implementation" [sic]. Literally the first paragraph in the CryptoNote whitepaper that describes the PoW algorithm says: "Our primary goal is to close the gap between CPU (majority) and GPU/FPGA/ASIC (minority) miners. It is appropriate that some users can have a certain advantage over others, but their investments should grow at least linearly with the power. More generally, producing special-purpose devices has to be as less profitable as possible." Misrepresenting the facts of the matter in a whitepaper, purposely or not, is unconscionable. Unconscionable? The way you over react to anything negative (real or perceived) about your adopted cryptocurrency bemuses me. This was included in the original post: I even left the typos Idiotic nitpicking. In addition, it's not fluffys job to correct such a gaping hole in the whitepaper integrity, not via google documents, nor via pm's. The guy who writes it has to be able to get the basics right all by himself. |
|
|
|
|
aminorex
Legendary
 Offline
Activity: 1596
Merit: 1029
Sine secretum non libertas
|
|
August 19, 2014, 05:02:53 PM |
|
Come now, let's nip the antagonism in the bud. The "unconscionable" word was a bit...insensitive...but not worth starting a feud. BBR and XMR should be able to cooperate well, to mutual benefit, and overblown rhetoric won't help either. Oil on the water, please. (And no smoking.)
|
Give a man a fish and he eats for a day. Give a man a Poisson distribution and he eats at random times independent of one another, at a constant known rate.
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
August 19, 2014, 05:44:10 PM |
|
Unconscionable? The way you over react to anything negative (real or perceived) about your adopted cryptocurrency bemuses me.
Michael, I did not create the CryptoNight PoW, nor am I particularly attached to it. I am, however, against blatant incorrectness in a technical document, and would be just as vehement if the incorrectness were about scrypt. This is not the first time I've reacted this way - in this very forum I've passionately argued against incorrectness in all manner of "whitepapers" dished out by "developers" regardless of whether or not it relates to something I'm involved in. That you feel the need to pop your head in and pass a smug and arrogant comment is not unsurprising, but it would behove you to tread carefully, as such behaviour reflects extremely poorly on the cryptocurrency you represent. Come now, let's nip the antagonism in the bud. The "unconscionable" word was a bit...insensitive...but not worth starting a feud. BBR and XMR should be able to cooperate well, to mutual benefit, and overblown rhetoric won't help either. Oil on the water, please. (And no smoking.)
I stand by the turn of phrase I used. Lying, or misrepresenting a fact that he should know, in a formal technical document is unconscionable. In fact, I agree with everything else he said about the algorithm, but that entire last sentence is unnecessary and disingenuous. I'd expect something like this from a Newsweek reporter, but not from somebody who obviously understands the facts of the matter and is writing a technical document. If it was a developer working for me they would be in a disciplinary hearing, but spending a few years C-level at a listed company has maybe made me overly demanding. I do not claim or pretend to be a dispassionate person. |
|
|
|
|
btc-mike
|
|
August 19, 2014, 06:07:10 PM |
|
Michael, ... [drama removed]
I have already asked you not to call me Michael. Now you are on my list of people to karate-chop in the throat. |
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
August 19, 2014, 06:08:54 PM |
|
I originally thought the use of unconscionable was a bit strong but now I see where fluffypony was coming from. The CryptoNote white paper says one thing as the goal of CryptoNight and Zoidberg's write up says another. That is misattribution and shouldn't be done.
Zoidberg might have his own opinion about what the "goals" of CryptoNight were but unless he can document it, he should just stick with the goals that were published in the white paper (or web site, etc.)
There also might also be a bit of a language issue as Zoidberg has stated before that English is not his native language. So I wouldn't necessarily assume malicious intent, but the wording should really be cleaned up.
|
|
|
|
|
|
btc-mike
|
|
August 19, 2014, 06:14:40 PM |
|
I originally thought the use of unconscionable was a bit strong but now I see where fluffypony was coming from. The CryptoNote white paper says one thing as the goal of CryptoNight and Zoidberg's write up says another. That is misattribution and shouldn't be done.
Zoidberg might have his own opinion about what the "goals" of CryptoNight were but unless he can document it, he should just stick with the goals that were published in the white paper (or web site, etc.)
There also might also be a bit of a language issue as Zoidberg has stated before that English is not his native language. So I wouldn't necessarily assume malicious intent, but the wording should really be cleaned up.
I may have done it while correcting Zoidberg's grammar. The error will, of course, be corrected ASAP. |
|
|
|
|
mitchr4
Legendary
Offline
Activity: 2702
Merit: 1017
Join the world-leading crypto sportsbook NOW!
|
|
August 19, 2014, 06:18:04 PM |
|
I think by taking a look at older alts, youre only going to find dying coins...The newest alts are always going to be the ones with the "potential". You just have to hope that bitcoin will blow up and bring some of the alts with it...and it wont be DRK or BC or LTC. Its going to be whatever coin is hot at that time. For me Aerocoin is my right now, but ill change it if it doesnt get mainstream attention.
|
|
|
|
Este Nuno
Legendary
Offline
Activity: 826
Merit: 1000
amarha
|
|
August 19, 2014, 07:22:14 PM |
|
The error will, of course, be corrected ASAP.
Hey isn't that what Github or bugzilla are for? When was anything perfect on the first draft. This thread is getting noisy (I was was wishing I could ignore that thread of discussion). More interesting and higher S/N ratio when we discuss higher level analysis. Risto are you still moderating? Please delete this post (hopefully before it is archived by bitcointa.lk). If I had an altcoin and the other altcoins wanted to write incorrect statements in their whitepapers and technical documentation, I wouldn't waste my time correcting them. The more mistakes and constrictor gordion knots they tie themselves in, the better. Degrees-of-freedom baby, i.e. decentralization. Without it, gridlock. What do you think about the fact that Vitalik seems to be convinced that Bytemaster's DPoS system is superior to PoW? I ask you especially since you have been Bytemaster's biggest critic from what I can tell. |
|
|
|
|
|
AnonyMint
|
|
August 19, 2014, 08:18:16 PM
Last edit: August 19, 2014, 08:33:45 PM by AnonyMint |
|
What do you think about the fact that Vitalik seems to be convinced that Bytemaster's DPoS system is superior to PoW? I ask you especially since you have been Bytemaster's biggest critic from what I can tell.
Why PoS can't remain decentralized. The 'D' in front of PoS doesn't overcome the issue. In my opinion, the roadblock everyone seems to have with designing the correct PoW is they analyze it as a technical problem instead of as an economic problem. If electricity and capital costs are correlated to price via difficulty, then PoW is also centralizing due to the power-law distribution of wealth and the debt financing economic model of the power vacuum of democracy. So yeah DPoS could be superior for some metrics he finds useful or expedient, but it won't remain decentralized long-term. |
|
|
|
|
dga
|
|
August 19, 2014, 08:24:09 PM |
|
Unconscionable? The way you over react to anything negative (real or perceived) about your adopted cryptocurrency bemuses me.
Michael, I did not create the CryptoNight PoW, nor am I particularly attached to it. I am, however, against blatant incorrectness in a technical document, and would be just as vehement if the incorrectness were about scrypt. This is not the first time I've reacted this way - in this very forum I've passionately argued against incorrectness in all manner of "whitepapers" dished out by "developers" regardless of whether or not it relates to something I'm involved in. That you feel the need to pop your head in and pass a smug and arrogant comment is not unsurprising, but it would behove you to tread carefully, as such behaviour reflects extremely poorly on the cryptocurrency you represent. Come now, let's nip the antagonism in the bud. The "unconscionable" word was a bit...insensitive...but not worth starting a feud. BBR and XMR should be able to cooperate well, to mutual benefit, and overblown rhetoric won't help either. Oil on the water, please. (And no smoking.)
I stand by the turn of phrase I used. Lying, or misrepresenting a fact that he should know, in a formal technical document is unconscionable. In fact, I agree with everything else he said about the algorithm, but that entire last sentence is unnecessary and disingenuous. I'd expect something like this from a Newsweek reporter, but not from somebody who obviously understands the facts of the matter and is writing a technical document. If it was a developer working for me they would be in a disciplinary hearing, but spending a few years C-level at a listed company has maybe made me overly demanding. I do not claim or pretend to be a dispassionate person. Deep breaths. The phrasing in the whitepaper could be very easily attributable to a difference in phrasing due to Zoidberg not being a native speaker of English. I, for one, *didn't* read it in the way you're choosing to interpret it, but we're both probably reading our own preferred meanings into it ("Protect from" meaning "to prevent being utterly destroyed by ASICs" vs "prevent ASICs from existing"). It seems very reasonable to request a rephrase, and you've done so, and I hope C_Z will be responsive to that to eliminate any ambiguity, but calling this "unconscionable" is creating an impressive mountain out of what should otherwise be a relatively small difference in interpretation of one sentence. I suggest we give him some space to fix it, and move on to actual issues of substance. Re Cuckoo Cycle, as an embedded follow-up: I hope to do one more round of attacks against CC before I declare myself out of ideas. I'll update my document about it when I have a chance. I think we're getting closer to actually understanding it. |
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
August 19, 2014, 08:29:42 PM |
|
I suggest we give him some space to fix it, and move on to actual issues of substance.
Fair enough. In that case, "Wild Keccak" doesn't provide sufficient substance over alternative algorithms to be worthy of much consideration, in-my-most-humblest-of-opinions-without-offending-Michael. |
|
|
|
|
dga
|
|
August 19, 2014, 09:47:18 PM
Last edit: August 19, 2014, 10:31:16 PM by dga |
|
I suggest we give him some space to fix it, and move on to actual issues of substance.
Fair enough. In that case, "Wild Keccak" doesn't provide sufficient substance over alternative algorithms to be worthy of much consideration, in-my-most-humblest-of-opinions-without-offending-Michael. *shrugs* That's fine, but let's consider it on its actual merits instead of trading thinly-veiled sarcasm. :-) + WK offers faster block verification than CN. - WK can be searched in parallel, scalably, limited only by the die area you want to devote to Keccak processing. ? WK requires an amount of fast storage that scales linearly with time -- how this interacts with Moore's law is complicated, and whether or not its scratchpad will be overtaken by lithographic advances is something my crystal ball can't handle. -> At present, WK's parallelism is thus limited by DRAM bandwidth for 256 bit reads, because the scratchpad size has already slipped out of L3 cache on most CPUs. As a result of this, the GPU/ASIC resistance of WK is determined almost entirely by its scratchpad. This is interesting -- it's like scrypt-adaptive-N with an automatic way of scaling the amount of memory required, but without the verification slowdown of increasing N. - CN has poor block verification performance. This may have negative implications both for the time to bring new nodes online, but also for block-flooding DoS resistance. + CN's use of AES is well-matched to functionality already optimized in silicon on CPUs. + CN cannot be searched in parallel, to the best of my knowledge, without a corresponding increase in the number of 2MB scratchpads used for searching. This occurs because the scratchpad is modified during the search, a key differentiator from prior work such as scrypt. => As a consequence, the parallelism available for CN is limited by die area for an L3-based approach, or by DRAM bandwidth with 128bit reads for a DRAM-based approach. For both, at the present time, GPUs are the most efficient way to mine them (though more so for WK). Both take a DRAM-bandwidth-based approach, storing the scratchpad(s) in RAM and using thread parallelism to mask the access latency. WK's use of 256 bit reads and Keccak makes it a little more GPU-friendy, but the major difference between the two on GPU is due to the use of AES in CN. On an ASIC, the "Aes-is-in-hardware-on-x86" advantage disappears, and the 128 vs 256 bit differences will be only modestly important (I'd guess 30%, but that's pulled out of thin air). edit: I should clarify this: CN's better ratio for GPUs-vs-ASIC disappears. the CPUs will still keep their advantage relative to the GPUs, so the CPU/ASIC ratio of CN should be a little better than the CPU/ASIC of WK. But the GPU/ASIC ratio for both should be relatively similar, affected mostly by 128 vs 256 bit dram reads. So: I do see a major advantage to Wild Keccak at this time in terms of its fast verification coupled with near-term relative CPU/GPU/ASIC balance. But it's an advantage that depends heavily on longer-term technology trends of continued lithographic scaling. Both schemes are vulnerable to large jumps in DRAM bandwidth enabled by future technologies such as tsv-stacked DRAM, but that's a little farther out in the crystal ball, and my best guess is that the manufacturing difficulties of stacked DRAM won't be ironed out to the point where it would be usable for cheap crypto mining in the next 5 years. To me, this boils down to whether or not there are effective flooding DoS measures that can be implemented for the Cryptonotes without requiring a block verification. There probably are. But it's nice that WK makes it harder to mount *this particular* computational attack against nodes. It'd be interesting for someone to poke at that a little and see how bad the problem really is, instead of us speculating into the air about it. There's also the issue of verification speed, which with the current implementation of Cryptonote *is* an issue, though I think we both agree that it's "just" a matter of engineering. Again - it's nice that the WK design reduces the need for extra attention paid to high-performance coding, because trying to make things fast and correct is harder than just making them correct - but this is also something that can be resolved empirically. |
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
|
|
August 19, 2014, 10:17:14 PM |
|
But...but...smooth said If removing (non-mining) transaction dust and the resulting bloat is "trivial" then why is XMR lagging behind BBR in implementing that feature?
Stop being a troll and an idiot please. Look at the BBR list of features and I quote (with bold emphasis added): Removed Dust from block reward to reduce block chain size even more
The change in BBR is removing of mining dust, as I said. |
██████████
██████████████████
██████████████████████
██████████████████████████
████████████████████████████
██████████████████████████████
████████████████████████████████
████████████████████████████████
██████████████████████████████████
██████████████████████████████████
██████████████████████████████████
██████████████████████████████████
██████████████████████████████████
████████████████████████████████
██████████████
██████████████
████████████████████████████
██████████████████████████
██████████████████████
██████████████████
██████████
Monero
|
| "The difference between bad and well-developed digital cash will determine
whether we have a dictatorship or a real democracy." David Chaum 1996
"Fungibility provides privacy as a side effect." Adam Back 2014
|
| | |
|
|
|
|
dga
|
|
August 19, 2014, 10:30:07 PM |
|
Sorry - I've updated my original post to more correctly note the second presentation is about ring signature pruning, not blockchain pruning, as was discussed at length earlier in this thread. Mea culpa for the uncareful phrasing. |
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
August 19, 2014, 10:32:59 PM |
|
There's also the issue of verification speed, which with the current implementation of Cryptonote *is* an issue, though I think we both agree that it's "just" a matter of engineering. Again - it's nice that the WK design reduces the need for extra attention paid to high-performance coding, because trying to make things fast and correct is harder than just making them correct - but this is also something that can be resolved empirically.
We looked at this a little after someone complained about it, on this thread I think. It turned out that the biggest problem, by far, is not verification, but that the blocks are being delivered multiple (as in many) times during synchronization. We have someone assigned to debug it. Once that is fixed we can take another look. |
|
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
|
|
August 19, 2014, 10:49:47 PM |
|
Sorry - I've updated my original post to more correctly note the second presentation is about ring signature pruning, not blockchain pruning, as was discussed at length earlier in this thread. Mea culpa for the uncareful phrasing. The clarification is much appreciated. My understanding is that BBR ring sig pruning linearly reduces blockchain bloat, but is not the holy grail of transaction pruning required for logarithmic bloat reduction of the kind found in XCN's mini-blockchain. To be clear, ring sig pruning prevents a little bit of bloat, while transaction pruning removes substantial accumulated bloat. Also, 'dust' is the atomic unit of 'bloat.' Did I get that right? What do I win?  |
██████████
██████████████████
██████████████████████
██████████████████████████
████████████████████████████
██████████████████████████████
████████████████████████████████
████████████████████████████████
██████████████████████████████████
██████████████████████████████████
██████████████████████████████████
██████████████████████████████████
██████████████████████████████████
████████████████████████████████
██████████████
██████████████
████████████████████████████
██████████████████████████
██████████████████████
██████████████████
██████████
Monero
|
| "The difference between bad and well-developed digital cash will determine
whether we have a dictatorship or a real democracy." David Chaum 1996
"Fungibility provides privacy as a side effect." Adam Back 2014
|
| | |
|
|
|
|
crypto_zoidberg
|
|
August 19, 2014, 11:01:08 PM |
|
Sorry - I've updated my original post to more correctly note the second presentation is about ring signature pruning, not blockchain pruning, as was discussed at length earlier in this thread. Mea culpa for the uncareful phrasing. The clarification is much appreciated. My understanding is that BBR ring sig pruning linearly reduces blockchain bloat, but is not the holy grail of transaction pruning required for logarithmic bloat reduction of the kind found in XCN's mini-blockchain. To be clear, ring sig pruning prevents a little bit of bloat, while transaction pruning removes substantial accumulated bloat. Also, 'dust' is the atomic unit of 'bloat.' Did I get that right? What do I win? In CryptoNote coins ring signature is 60-90% of transaction size. With pruning ring signatures you get 60-90% smaller blockchain, compared with other cryptonote coins, you win only this here. XCN is very interesting project, unfortunately i can't see possibility to build account tree on CryptoNote base(as well as utxo) due to anonymity/unlinkability. |
|
|
|
|
