Nobody is concerned that basically all Gmaxwell's criticisms apply equally, if not more, to XC?
XC doesn't even purport to be trustless, and the overall implementation hasn't even been comprehensively described.
As he has said cryptonote and zerocash technology are the only novel and workable decentralised and trustless solutions thus far. A 'dynamic trust network' is neither trustless (the whole point of bitcoin and derivative technologies) nor decentralised since it relies on certain nominated nodes to provide specific tasks.
Everybody seems to be drinking a nice big cup of smug over the weaknesses of darkcoin (of which there are legion) while avoiding taking a look in their own back yard.
Yes, I think it would be valuable for the XC team to engage seriously (and respectfully) with Gmaxwell's post. In fact, we should invite him to review XC's tech when it's more fully developed. It would be a real opportunity to benefit from his expertise.
I also think we should take his criticisms seriously when developing the coin. Is there a better model than the dynamic trust system? Can we come up with one? Perhaps, and we'd do well to consider it long and hard.
that's a good idea.
Gmaxwell is an expert on Anonymous technology.
ATCsecure shall we discuss how Gmaxwell's post might apply to XC? I imagine it'd be a matter of whether the multi-path paradigm can be implemented without a dynamic trust system, while still preserving XC's ability to avoid blockchain bloat.
Multi-path has incredible possibilities; how about removing/reducing the need for trust with the following (which in all likelihood you've thought of already):
- your specification includes that each xnode only passes on fragments of transactions; this means each fragment will be a small (non-risky) amount.
- what if xnodes have to compete to relay a given fragment? This builds in redundancy, so that if one node attempts to steal the fragment, the others will pass it on. The fastest node gets the transaction fee.
- what if xnodes also can only pass on a single fragment at a time? This way a node would only ever have one fragment, and therefore could never amass enough money for it to be worth stealing.
- Xnodes would then compete for transaction fees by processing transactions faster than other nodes. This way the network would organically improve its capacity.
- At some cost to network speed, the protocol could also set a maximum fragment size to ensure the incentive to become a bad actor is always low regardless of the size of a given payment.
The effect of the above is that xnodes have two options:
- steal a fragment and (a) derive minimal reward, and (b) get booted off the network via the trust system
- or pass on (a) as many fragments as possible in the shortest time and (b) get multiple tiny rewards.
The second of these is prima facie preferable.
However this idea would still be vulnerable to the following attack:
- set up thousands of xnodes
- find a way to steal fragments (I understand this is only a speculative possibility and that there'll be a way of making this exceedingly difficult... however I can't think further about this without more information)
- steal thousands of fragments, delete nodes, create new ones, build up trust, steal more fragments.
I'm unsure whether this attack will be more profitable than just being an honest node; its feasibility will come down to the details. And, fortunately, you decide what the details are.
The security of the network could well depend on this balance of incentives, which is ok I suppose, but its precariousness is analogous to that of mining competition in bitcoin. A systemic solution to the problem would be preferable.
Any suggestions?
Edit: Gmaxwell's post is here:
https://bitcointalk.org/index.php?topic=641178.40
