Topic: A World of Trust – eMunie Consensus Primer - page 4. (Read 7372 times)

I think this is a fine balance for a system.  A consumer should have the right to protect their privacy and even be completely anon if they want.  A business doesn't need to know anything about that consumer except that they sent the money.  Can a deposit be seen on the blockchain?  If so, good.  That is all they need to know.

This doesn't apply for business though.

A consumer and governments to some extent need to know about the dealings of a business so that the consumers can protect themselves, and at the same time the government can protect those consumers that are too young, too old, or too foolish to protect themselves.  Businesses having an option to show their histories openly and transparently is a nice step in this direction.

Bitcoin and other blockchains have been stricken by a series of scammers as it is such a great platform for them.  They get them money and can easily disappear.  It would be nice for those businesses not interested in scamming to have a proper outlet to do so in a system that helps to support their claims of legitimacy setting a bar for how legit players look and how they act. 

If Fuserleer is BCNext, he has a serious Dissociative identity disorder.

https://bitcointalksearch.org/topic/m.3390794

Network fragmentation and Bitcoin is dead because you can spend your coins in every fragment. Not just a double spend rather an N spend. Where N is number of fragments.


I'm very sleepy so will sign off.

I know the devil is in the detail, Ive optimized bandwidth and usage a lot, its very efficient.

Well remember you have bandwidth to worry about

You see the devil is in the holistic details. I said in my first post that the bandwidth optimization would work to open more opportunities to attack.

So decrease bandwidth, that must equate with reduced # of P2P connections per node, no matter how you formulate it.

Thus increasing the probability of being able to isolate it.

You dont need anything like $4T, you could re-mine the entire blockchain from the genesis again in secret in about 2 years and $200M.  As a bonus you'd end up back at today with about 65% of current mining power.  Then just present that chain as it'll have more work than the current one, and BAM.  All BTC transactions gone on all nodes that are active at that time, you can easily outpace everyone else too so they cant present a stronger chain.

BTC is dead in that scenario, and they would have to change the protocol to hard-fork away from the current version and start from scratch unless someone, somewhere had an up to date copy of the old chain that could be imported somehow.

You couldnt use POW anymore though in the same form, because someone somewhere is sitting on 65%+ of all the hashpower and just ruined yours and everyones day with it.

Thats interesting, I have havent been keeping up to speed on mining costs and things like that for a long time now.

Thanks for the insight though, it does seem backwards to me though, but I guess mixing capitalism with anarchism results in crazy behaviour!

Right, thats pretty much exactly what I just said, you identify all the SN nodes with a higher than average weight, and attempt to connect to them all.  If you have a lot of Sybil nodes, then you may even get some inbound connections from these nodes as they try to connect out.

Thats a few times today you've responded with the same thing said in a different way, maybe you should give me some more credit than you do

But, I still find it difficult to swallow that this can, and would be coordinated, with 1000s or more machines and all the effort required to maintain it, to take advantage of a 15 second window to influence a transaction conflict.  When all that is needed for all of this effort to be thwarted, is to wait 60 seconds or more for the transaction to be fully final and have a majority.

This isn't like BTC where I have a 10+ minute window, or can run home and turn on a few PH of mining power and UNDO the transaction.  Once its final and has a majority of the trust, its in forever!

As you say how can you know if they are mining at a loss if their electricity is heavily subsidized.

Also how do we know they aren't being funded by the $4 trillion Black Budget that is confirmed to exist by Donald Rumsfeld and thus growing hashrate over time to take over Bitcoin.

I don't think you can conclude with certainty the motivation is altruistic.

Btw, I have solutions to all those issues with PoW that you mention.

As most people know, the cost has mostly shifted from hardware to electricity, but when I've calculated mining costs during the last year, there are times when it seemed like a huge percent, maybe even the majority, were mining at a loss.  It makes perfect sense from many angles.  For instance, if you own 1000 Bitcoins, but only now pull in a small amount through mining at a small loss, you're increasing the value of the stash you already hold by increasing network hash rate.  You're increasing both network security and scarcity for others at the same time.  I think Satoshi's papers would classify this as an irrational miner, but it seems perfectly rational to me.  This is assuming they did not believe the speculative price of Bitcoin would go up, since that would be a different reason to mine, but the results from their direct actions would have an effect.

This also occurs on a daily basis for any coin not secured by heavy parallelization computing, since bot nets can mine for free, thus making legit miners unprofitable.  Some people still do it anyway...until the coin dies.  Seems like one of Satoshi's biggest blunders, not accounting for botnets, ASIC, Chinese government subsidized power, currency manipulation to increase exports which results in all mining hardware being made in one country, etc.  That's a lot of anti-decentralization going on.  PoW was kind of presented as a bulletproof solution, when it was more like the best bad solution.

The real reason PoW mining exists is because there is no other valid form of distribution that can hope to reach a wide audience.

I assume A is not going to connect to infinite nodes.

Thus I assume there are certain finite number of nodes it connected to such that if they were all adversarial then node A would never know it was occasionally receiving a delayed transaction propagation. Even if there were a few connections to A that were not the attacker, those connections connect to other connections and the attacker may be able to map out the network and determine where to place its effort so that as a mesh it becomes blocked off. If you can't visualize this, then I don't know what to say. I can visualize that in my mind. I don't feel like diagramming it. I don't know how successful it would be. Attacker might just maximize number of nodes by diluting trust and how random luck plays out in terms of the amount of trust cordoned off.

Now as for the probabilities and what would be the ratio between T and 51% - T, I don't know. Would have to develop a formal model and analyze.

Btw the more trust A has, the most incentive to focus all adversarial nodes, on isolating that node.

Note there was a research article I saw recently on how surprisingly hierarchical the Bitcoin P2P network is and how propagation is controlled by fewer super nodes.

I didn't see your edit until I had replied actually.

But fair enough, I was genuinely interested in how you propose to do it, but seeing as my interest is angering you I guess I'll leave it at that.

You make a holistic assumption about the economics which I can't even make. Again see my point about undersupplied good and the ability to bribe nodes. I mean every one is participating in consensus "mining" (or what ever you want to call it) to earn the most they can for themselves. Until we know well the holistic economics game theory of your complex design, it is not really possible to even reason about what 'honest' means. It isn't dishonest to maximize my profit.

I thought you were going to let me leave the thread with my gracious comment that my comments were speculative only.

But since you insist, I guess I have to become more forceful than I wanted to.

That doesn't really answer my question in any manner at all.

I want to know how you isolate a node A, that is honest and free to connect to any node that it wants, from either connecting to that node, or sending it information.

Lets say that A is an important node, lets also say that it has a slightly above average trust weight.  It has many connections incoming to it, and many outgoing from it that it makes of its own.  Assume that is also has a list of preferred outgoing connections to nodes it knows are of similar importance to it.  If you can isolate it then it improves your chances of success slightly.

How do you isolate it so that it can not receive or relay information to anyone without being physically near it?

If you fill up its inbound connections so that regular clients cannot connect to it, it can still make outbound connections to any other SN nodes like itself.  If/when that fails (because you are filling them up too) it makes connections to regular non-SN nodes instead.  All the other important nodes in the network are doing the same thing, and by doing so, they have a route to each other (albeit it a bit slower).  The regular clients become the service providers for the SNs, by providing a route for data between them.

The network topology is such that for every 100-200 connected users of the network, on average you need at least 1 SN available.  With 10000 users that is ~50-100 SNs, with 100000 that is ~500-1000 SNs, 1M you are 5k-10k SNs.  With a large number of SNs comes a good distribution of trust, so there wont be just a handful of SNs you need to isolate.  You'll need to isolate a lot of them (1000s as the network grows), and as all of these SNs will have inbound connection pools of 100-200 in size, you'll need to fill up 10,000s of connection slots in total.

Of course that is the point of spreading your trust around to as many nodes as possible and target isolating nodes with a Sybil attack. You can also isolate nodes by identifying the patterns that make some nodes more important to isolate than others, so a lot of nodes are isolated by isolating a fewer nodes. No P2P network is perfectly distributed.

Again I don't know what the ratios will end up being between T and 51% - T. A proper modeling has to be built.

And I doubt that is the only attack. I haven't expended more than 5 minutes yet thinking about how I would attack it. And I don't even know all the fine design points and I would need to probably know that in order to try to identity more vulnerabilities.

Also it is not clear if your economic model isn't gameable. I haven't delved in that.

For example, nodes might even pay other nodes to accept them as their peers. Remember Vitalik's point that consensus is an undersupplied public good.


In summary, I don't want to comment more other than to say it is a complex model and I would want extensive peer review.

Edit: I want to emphasize that my comments in this thread are not to be taken as a statement of certainty (or even probability) that eMunie has a flawed security. I am presenting my initial opinion (based on very quick read of the first blog article) that it is difficult to reason about with certainty and I'd prefer a more thorough analytical review especially a formal model would be fabulous.

I can't visualize at all even the slightest way that could be achieved in a P2P network when these events are broadcast events and not routed traffic events.  Routed traffic that has an origin and destination, yes, if you had a small amount of nodes in the network, then you could block traffic quite well to a large number of routes that hopped over one of your nodes.

But in a broadcast environment, where each peer is connected to 8-16 other peers, how can any of what you suggest even cause any disruption at all without completely isolating a large number of nodes, and having a large number of nodes yourself.  How do you prevent N broadcasting to M whom it is connected to about a transaction/counter-signature, and then prevent M broadcasting that same transaction/counter-signature to L and so and and so forth and do it all over the network?

I really am curious and would like some detail if possible on how you would do it.

A point of distinction is that the adversary only needs to acquire as much trust T as is necessary to be able spread his nodes around sufficiently to block (delay) propagation to (51% - T) of the total trust in the network.

I don't know how small T can be until it is properly modeled. Maybe it is only 5%. The other 46% then comes for free. Maybe it is 26% then the 24% comes for free. We won't know until the system is holistically modeled.

I don't have time to go back and forth here.

Your design might be somewhat secure or it might not. It is far too complex for someone to know that in this thread. Will require much peer review and modeling.

Finally, someone that sees sense.

This is the problem, everyone thinks only in theory land and doesn't consider the real world.

Even if you have spent crazy amounts of money, time and effort to have an inflated trust value, you have 10-15 seconds to pull it off...that includes the receiver seeing the payment, handing you the keys to the shiny BMW (because anything less doesn't provide profit), you screeching off, and presenting a double spend transaction while being Mr Getaway driver.

I've had these same arguments face to face with people endless time and it always goes the same

"Well I can create 1 million nodes and take over the network"
"sure, if you had 1 million nodes could you take over Bitcoin too?"
"YES!"
"so why hasn't anybody?"
"erm...."

There has to be a point where you say "Thats enough for 99.999% of all situations" and be happy with what you have

All your sybil attacks are abstract and don't take into account factors of the real world. The attacks may succeed in a spherical vacuum, but what about attacking eMunie if it's used by, say, Starbucks? You walk into a cafe and scan a special QR-code (displayed on an interactive screen) with your smartphone. This code is the root of Merkle tree of the ledger essential part. If your version of eMunie ledger is "hacked" then you will see the difference right away. Whom will you trust, the Starbucks system or unknown random guy with 2 million fake nodes?

Example, long con:

* Pretend to N nodes by acquiring N ip addresses
* Build trust by behaving normally
* Once the required sybil majority of bad, trusted nodes is reached, perform a massive double spend by using your trusted majority

Cost of this is basically zero, right?

There is no way around this problem unless the actual voting process costs something.