Topic: AI Coin Development Diary - page 13. (Read 49301 times)

Thanks for your reply! 
Funny you should mention that.  I waited in line behind a credit card payer at the sandwich shop yesterday.  Long wait, card didn't go through.    Next in line was me.  I asked for the total in bitcoin, pressed send.  Accepted (at zero confirmations) instantly.  There are no guarantees in life, but bitcoin is pretty damn good.       


So we need it because other people think we need it?  Peercoin also has a novel reward schedule, both in it's proof of work component with reward linked to difficulty, and of course in the proof of stake portion that appeals to the greedy.  Yes, people will use resources more where they are cheap.  Is that a problem? 

Ok, I sort of get your chain of reasoning but I think it is faulty. Its not so much about where the purchasing power came from, but to me rather how it is spent. For example dollar bills can be literally burned. That is a form of useless spending. Or dollar bills can be used to buy bitcoins. That is better in my opinion, regardless of how much coal was consumed to create those dollars in the first place. And that is all I have to say on this until the code to be written can speak for itself.

the argument is simple :

where does the energy come from?

if Bob has 1000 Bitcoin and wants more how does Bob get them?


lets look:

- Bob buys them.   (Bob expended energy in the form of paper money or good or services)

- Bob Trades them for profit.  (Bob just transfered someone else's energy and made a profit, someone else lost this time)  

- Bob Buys hardware and mines them (Bob expends either Bitcoin (energy tokens) or fiat (energy tokens) and buys hardware and mines them)

or

Proof of stake says Bob gets "interest" on owning something, this breaks the law of energy equilibrium and transfers energy to Bob.


this is not a problem, and it works now because ah, people don't know any better and are stupid, but however why it won't work in the future is because of the same reason Joe goes to work now  and is seeing a declining reward for his work, and why people are turning off the TV.

The reason "interest" exists is for a premium on a risk for Debt (transfer> generally consensual)  or as a shell game to steal wealth (energy) from humans.  (theft) .

only those reasons.

I like the idea of super-peer-POS.

POW does cause some problems in current BTC network.
It is always great for the community to get prepared before more critical issues occur on BTC.  

Thanks for the info Good read 

The answer is Yes. But I do not follow your argument. A better response from me will have to await the availability of code to test.

a discerning reader could come back to me right now and say "but the equilibrium of difficulty is broken"

difficulty rises but the price has not, well, this comes down to a few aspects , some natural market and others relate to the flaws in the "one cpu one vote"; that; implementation outside of the white paper has proven.

the market is correcting that right now, but unfortunately some will be blinded by the "light" that is "Bitcoin" the brand and not the protocol.

CPoW or whatever you want to call it has gone some way too that , but there will no doubt be further improvements.

people come back and say "there will always be hardware specialization" , and I've always told people "software innovation can easily out-pace hardware specialization".

 

I don' think you are getting it, but this is possibly a political nativity, they are saying they will do the hard sell to other chumps to get them to take this road.

---

I have one question and its of an economic nature, here it is:

If i'm X with 1000 BTC now I have a "Stake" in Bitcoin, agreed?

To get this stake i had to either:

A: Mine it using PoW
 
or

B: Purchase it with fiat money or good or services (essentially packaged energy)
  
of course i might have realized a large profit up until this point (transfered energy) , but>

now to further my Stake, I need to expend more work in some way, (so let me give you an example.)

*lets exclude transfer for the now as its irrelevant to the conversation directly, but lets come back to it.

I might need to buy hardware to mine more PoW currency as per the equilibrium of difficulty.

or

I can directly expend (packaged energy) fiat or goods and services to gain more "stake"


So in summary i can conclude that , Proof of stake is basically a shell game that gives and owner of the stake(energy) an increasing reward(energy) thus centralizing the network and breaking a bunch of fundamental laws of economics.

having said all of that , my question is simple - does more "stake" give more "votes" as per the "one cpu one vote" principal?



** i still believe that you could be able to implement this don't get me wrong, we know the human race is fundamentally docile, however where it will fail is in the execution, you should read over some of my theories on decentralized economics.

This system would fail for the same reasons the current banking system is failing and its centralized media outlets, basically the theory of decentralized multidimensional information flow and how that effects competition.

i will give them to you once i have refined them a little.

sorry for the rant the simple question again:


does more "stake" give more "votes" as per the "one cpu one vote" principal?

if your answer is yes,  that's a "double spend"  of  "packaged energy" think about it.

well when i say its a "double spend" it had to come from somewhere, so let me think on this, its transfered from the decentralized network. oh, of course its an implosion.

wow.

The transactions are moved across the world by the nodes, and then kept secure essentially by the miners.

So it's not wasted! But certainly half wasted!

Nodes are so important and if the transaction volume picks up, eventually the security of the network will be in few hands because only a few people will have the chain.

Even miners do not need the chain anymore. The chain keepers (nodes) have no incentives.

Comments from the Bitcoin core developers mail list . . .

• Referring to the subsidy for miners as "wasting it on miners" isn't going to garner you much favor.

I subsequently removed the word "waste" from the paper and substituted "effort" where needed.

Thanks Andrew for your thoughtful comments. I will keep them in mind as I devise the system test plan, that in turn guides the code to be written.

I will attempt to orchestrate public test scenarios that include the bad things you describe, and show whether the system works or not. If the system works, then indeed proof-of-work will be shown to be a wasteful Bitcoin design. If the system handles various byzantine faults and misbehavior, then the algorithm's adopted from Nick Szabo and others I reference will manifestly demonstrate a solution to what up to now has not been solved in Bitcoin.

As the tests proceed next year, I hope first that the simple tests work, and second that you and others propose more difficult challenges.

Hi SlipperySlope,


I see you've updated your whitepaper today (May 20), and I think also every day before that. I have a few comments, though I've got a lot of reading to do so I can't promise I'll follow up on them in a timely fashion.


1. You spend a bunch of the first part of your paper claiming that Bitcoin's proof-of-work system is wasteful and that hashing is "single-purpose". (This is a common meme on here and Reddit, I understand — in general, I'd advise you when learning about Bitcoin to not pick up ideas from this website unless they originate with somebody who is a known expert on Bitcoin.) I recently had a discussion with fenn on ##hplusroadmap about the "single-purpose" claim as well as the "zero-sum" game. Notice that there is no known way to achieve distributed consensus without proof-of-work, so these claims that the entropy production is unnecessary are extraordinary and require significant evidence.

2014-05-11 12:20:10     fenn    it's a zero sum game
2014-05-11 12:20:32     fenn    except for the value of the network of course
2014-05-11 12:20:55     fenn    network value is independent of number of hashes being performed
2014-05-11 12:21:36     kanzure do you know what the hashes are for?
2014-05-11 12:27:58     fenn    "Any block that is created by a malicious user that does not follow this rule (or any other rules) will be rejected by everyone else."
2014-05-11 12:29:18     fenn    "Each block memorializes what took place immediately before it was created."
2014-05-11 12:29:49     fenn    New blocks can't be submitted to the network without the correct answer - the process of "Mining" is essentially the process of competing to be the next to find the answer that "solves" the current block.
2014-05-11 12:30:24     fenn    each hash is a "guess" at the answer
2014-05-11 12:30:59     andytoshi       fenn: you are totally missing the forest for the trees
2014-05-11 12:31:11     andytoshi       like if you said aerobic respiration was a process for binding carbon to oxygen
2014-05-11 12:31:33     fenn    he said "do you know what the hashes are for" and i answered, what do you want
2014-05-11 12:31:40     andytoshi       and when asked what it's for, you started talking about valence electrons and how respiration gets you the right reconfiguration
2014-05-11 12:32:13     andytoshi       fenn: the hashes give a way to translate computational resources into something cryptographically verifiable
2014-05-11 12:32:21     andytoshi       that's what "proof of work" refers to
2014-05-11 12:32:35     fenn    it has nothing to do with computational resources
2014-05-11 12:32:48     andytoshi       it lets you /define/ the system mathematically so that it is hard to rewrite history
2014-05-11 12:33:08     andytoshi       fenn: the correct answer to kanzure's question was "no"
2014-05-11 12:33:24     fenn    it's just the ability to do this particular cryptographic algorithm, which happens to be implemented on something resembling a computer
2014-05-11 12:33:52     -->     drewbug1 ([email protected]) has joined ##hplusroadmap
2014-05-11 12:35:21     fenn    you can take all the bitcoin asics in the world and the won't be able to add 2+2
2014-05-11 12:35:52     chris_99        heh
2014-05-11 12:36:14     <--     drewbug (~Adium@fsf/member/drewbug) has quit (Ping timeout: 240 seconds)
2014-05-11 12:36:30     andytoshi       yeah, and you can take all the aerobic biomass in the world and they won't be able to either
2014-05-11 12:36:54     andytoshi       and yet here we are huffing and puffing as we type frantically
2014-05-11 12:37:01     fenn    the difference is you say one is "computational resources" and the other isn't?
2014-05-11 12:38:09     andytoshi       ?? the difference is that respiration is used to provide useful energy to the organism while bitcoin hashing is used to translate a fact of physics to a fact of mathematics
2014-05-11 12:38:22     andytoshi       they are more alike than they are different at the level we are talking
2014-05-11 12:38:42     andytoshi       in both cases they are a mechanism for taking resources from the environment and translating them into a form that the system can use
2014-05-11 12:38:44     fenn    but cells are more general purpose than bitcoin asics
2014-05-11 12:39:06     fenn    even "specialized" cells can do a large number of things
2014-05-11 12:39:16     andytoshi       i'd like a citation that DNA is more expressive than bitcoin script..


You later suggest that checkpoints are an improvement on consensus. This is not true. Checkpoints have nothing to do with consensus. Nada. This has been beaten to death by myself and several others, and is another example of a bitcointroll meme infecting your thought. Above you say that proof-of-stake is the reason that Peercoin is so popular. But Peercoin has been centralized from the start, and has no plan for ever being decentralized. Of course a centralized consensus system is able to be more efficient than a trustless one.

You compare Bitcoin confirmation times to CC transaction approval times. This is nonsense. There is no amount of time after which CC transactions are really irreversible in the sense of Bitcoin, but even the amount of time to eliminate the trivial "call the CC company and dispute the charge" method of reversal is several months. So you should be comparing hours (for Bitcoin) to months (for CC companies). If all you care about is transaction "approval" this is limited only by the speed of the network, just like with CC's, except that the Bitcoin network is more distributed and anyone can verify transactions, so the uptime is better. Again, this has been beaten to death here.

You say that Primecoin is an example of a "useful PoW". But there is no known use for Cunningham chains, and Primecoin has an awful awful "proof" of work which fails pretty-much every point laid out in my ASIC FAQ.

You repeatedly describe the adversarial nature of the Bitcoin network as something Satoshi made up. But adversariality is a fact about the world and not something you can model away when designing a decentralized cryptosystem.


2. I haven't look into your tamper-resistant logs but I worry about how efficient these can be regarding both CPU time and bandwidth, since you have every transaction producing a bunch of these, in some cases from cell-phones or other transaction-producing devices. It looks like at every time you have a single mint who gets to decide what order transactions occur in and which ones are valid or invalid. It's not clear what happens if the node approves conflicting transactions (I guess he gets banned when the next block is produced, but then how do you decide which one was the "correct" one? This does not seem to achieve the "instantly confirmed transaction" scenario I think you are going for.)

Also, don't use Bitcoin addresses for authentication. They can be used to authenticate against "the owner of coins sent to this address" but pretty-much nothing else. Addresses are payment identifiers and confusing this purpose with that of signing keys is only going to cause user error.


3. As we discussed in Austin, this nomadic business makes historic consensus tricky. Suppose the superpeers wind up in being in Vancouver for the summer. After some time they move on to London, so I have an opportunity to buy all the old superpeers' hardware from them for cheap prices. I use them to rewrite some history sufficient that they now pass off to a system in Austin which I control. From there on I'm able to do the usual stake-grinding or whatever tricks to maintain possession of the entire superpeer network forever, just sending it to my hubs around the world. If I were andyfastow rather than andytoshi I'd even set up a bunch of shell corps to disguise that I was doing this.

The point is that if you want to prevent rewriting history, you need to trust everyone with an ability to manipulate history, forever, even long after their incentives to help the network have gone. You need to prevent old hardware from winding up in unsecured dumps, from being stolen, from being hacked, etc., etc. I'd wager most TPM chips out there will expose their keys to (at least one of) the Chinese or Americans.


4. When you talk about trusted computing, what is the actual trust model behind this? I assume you need an authenticated channel to the TPM to verify the machines' software, but when you are only talking to a node through a network it is unclear to me how you can trust that you're talking to a real TPM which is really installed in the system that you're communicating with.


Andrew

Sorry - that statement is no longer operative. I love Java but after a month of study I realize your point entirely. Everything related to bitcoin core will be C++. There will be no reference pool software, because there are no mining pools in the final design. I will use python to needed testing tools, beyond what has been already contributed to bitcoin at GitHub.

Why Java?

Almost all CryptoCoin's and their associated programs are written in either C, C++ or Python.

Java isn't really seen in a good light in the CryptoCoin community.

When I say faster, I mean the typical customer check-out experience at point-of-sale. You verify the payment account at a terminal, swipe a card, and collect the receipt. When I say more certain, I mean to cover the odd case where a bitcoin transaction makes into a block after a certain delay, or the less likely, but worse case when the transaction never gets into a block. The bitcoin network forwards transactions on a best effort basis. There are no guarantees that the transaction will be recorded into the blockchain.


Proof-of-stake was immediately recognized as a very attractive idea when first proposed back in 2011. It is the main reason why PeerCoin has the 4th highest market cap. Satoshi admitted that his design would eventually force miners to congregate in locations with the least expensive power, as math shows that competing miners will use all the block reward to support their efforts.

Yes this is a problem that this design does not handle directly. Rather I consider it the sort of catastrophe that is best dealt with by a network operations center. In the case of current Bitcoin, the lead core developers can issue an alert, and mobilize the community to download a new software version. In constrast, enterprise data networks, especially the incumbent financial data networks have network operations centers that rehearse detection of, and recovery from such faults.

This design provides funding for such a center, run in a decentralized manner by autonomous trustless agents to the greatest possible extent.

Very interesting paper!  Thank you for discussion here. 

Two comments:

"In contrast, incumbent credit/debit card payment systems are faster [3] and more certain for consumers. Incumbent bank wire transfer, e.g. Swiftnet [4], is faster and more certain for business-to-business users. Incumbent payment transfer systems have data security policies that Bitcoin lacks [5] with regard to protecting host computers and customer data, e.g. private keys."

I disagree with these statements.  Incumbent systems do have advantages but they are not necessarily faster or more certain (can be reversed up to months later).  As for security policies the incumbent systems are all way behind (pull system, no triple accounting, etc).

Second comment:

Why?  There is no reason to use proof of stake.  Saying that miners use too much energy is simply saying miners are not smart, not that there is a problem with proof of work.  Miners are free to use as much energy as they like.  Proof of stake looks to me like a solution in search of a problem.     

intresting. will take a close look

One problem I have started to think about a lot about PoS in general is long-range attacks: what if you try to 51% attack a PoS blockchain straight from (or very close to) the genesis block?

To explain this, consider the following. First, suppose that 90% of all coin owners suddenly disappear. Will it be possible at all to generate any more blocks? Suppose yes. Then, an attacker with 10% stake will be able to fork the blockchain at some point 3 years ago, and then let it develop inside a virtual server. After generating a few million cost-free blocks, the attacker now publishes this new chain. How does a new node differentiate between the legitimate chain and the offending fork?

The second problem is long-range nothing-at-stake. Slasher fixes the short-range nothing-at-stake problem, but if a fork does start 50000 blocks ago, then there still is no incentive not to mine on both in parallel. Even with transactions-as-proof-of-stake, transaction senders have the incentive to send conflicting transactions into the other chain in order to double spend themselves. But maybe this issue will turn out to be not that important in practice.