Topic: AI Coin Development Diary - page 15. (Read 49308 times)

I gather the plan is to spend several years developing the technology, proving it and building consensus. I presume one of the goals is to keep the protocol as compatible with Bitcoin as possible, so authors of wallet software etc will find it relatively easy to support.

I don't know how practical this is. The root post mentions "a sandboxed testnet that periodically forks the Bitcoin blockchain". To me that sounds like I won't be able to buy anything with the testnet coins, and any trading I do will be wiped out when the next fork happens, because the testnet block-chain will be over-written with the latest Bitcoin block-chain. So, nothing will be at stake in the testnet. Those conditions are so unrealistic that I'm not sure any system can be said to have proven itself under them.

After that, although it might be theoretically possible to gradually evolve Bitcoin into Bitcoin-PoS, with both PoW and PoS blocks being accepted as valid by nodes for a while until all nodes upgrade, that isn't what the root post in this thread proposes. Instead it proposes a "big bang", go live with one last snapshot of the Bitcoin block-chain. After which, it will be a fully-fledged altcoin which will coexist alongside the original Bitcoin.

The goal is to preserve Satoshi's social contract. Presumably this includes the rate at which new coins are created.

The miners are not the only stakeholders. What really matters is whether the users want to own the new coins or the old. I think the goal is to make it very easy for them to switch. So the authors of wallet software are important stakeholders, because they can ease the transition for users. It's also important that the new coin is a fork of the old, because basing it on a snapshot of Bitcoin's block-chain means the value of users' holdings in Bitcoin is preserved in the new coin. If the users then prefer to buy the new coins, the value of old Bitcoin will crash and the miners will be in trouble anyway, because the block reward will have less real-world buying power.

A core belief here is that PoS is simply better, and will carry the day on merit. It does seem to me that transaction fees ought to be lower with PoS. That hardly matters today because the block reward is so high. It will matter more in a few years with the block reward halves. Anyone with any foresight can see that after a few halvings, and after a few more years of the PoW hashpower arms race continuing, that Bitcoin transaction fees will have to grow a lot to cover the cost of the miners' hardware. If PoS can offer a similar system with greater efficiency, and that translates into lower transaction fees for users, then it has a real chance of winning users and other stakeholders. Basically, all stakeholders except the miners. And the great thing about PoS is that it doesn't need the miners because it's not computationally expensive. And we don't have to wait for the block reward to happen to make these judgements. The stakeholders - the venture capitalists, the people who make hardware wallets, point-of-sale terminals, Bitcoin ATMs - will place their bets based on which network they consider to have the most long-term future value. And that won't be PoW because PoW is painting itself into a corner.

(All assuming PoS can be made to work. Of which I have yet to be convinced. And as I mentioned above, I also have reservations about whether a currency can really be considered to have proven itself on a testnet.)

With the exception of certain full nodes in the P2Pool, existing ASIC miners do not participate in the Bitcoin network. They provide shares of hashing power to their respective pools in return for daily payouts. My pitch for Bitcoin 1.0 would be to the pools who could retain a lot more of the $500 million passing through their hands each year. There are only 12 or so to persuade. There are about 7300 other full nodes that verify the blockchain and have the power to ban other full nodes who misbehave. Either a majority of existing full nodes must migrate to this project's version, or they must somehow be greatly outnumbered by new paid full nodes on the new version. Other powerful entities in the Bitcoin network include the exchanges and payment processors. Nearly all of these must be on board with the new version. I believe that they would be swayed primarily by popular opinion, and to a lesser extent by the possible zero-confirmation, and lower fee transactions, made possible by the single temporary mint.

I plan a friendly takeover of the blockchain in some possible future world, where I am effectively invited to do so by Bitcoin experts, media, and the public. There will be no doubt those who get spun out on the old blockchain with the old client. But I simply do not see how they could compete with this project.

I want the bitcoin experts to recognize this project as an unimplemented Bitcoin system. That requires passing a very strict test regarding the Satoshi Social Contract. A draft project whitepaper will formally specify how everything is to work. It will no doubt be revised many times, perhaps even after coding and testing reveal glaring errors on my part.

It is precisely BECAUSE of what you described that if any PoS would ever be implemented by anyone based on Bitcoin blockchain, it will be a fork, or an altcoin, and not Bitcoin. And therefore you and all of the ASIC miners will have no say in the process, because it has new rules.

If people see that the intruder is gaining in value and Bitcoin is losing it, they may try to get extra share of the new coins by selling their Bitcoins, hastening their demise. The original Bitcoin proponents will only lose, though, if they have sold the spinoff, thinking that it is worth nothing.

Bitcoin uses proof-of-work, and therefore the majority of the hashing power decides. Why would the current stake-holders be so stupid to switch to a system which is unproven and where there economic advantages, i.e. their capital investment becomes worthless? That makes no sense whatsoever. Coin creation in Bitcoin doesn't arbitrarily change. That's why its a solid system. If such changes were possible Bitcoins would be worthless. All of this should be obvious to anyone who wants to understand why Bitcoin works. The reason is works is that hashing-power can not possibly become worthless. And those that own the hashing power will not agree to give it up. That's the fundamental limitation as well.

I am afraid you are mistaken. If the coin creation method is changed, the ASIC owners have nothing to say. Only the economic decision of the coin owners will matter. If after the fork everyone tries to dump the PoS coins, it proves they are worthless. If everyone tries to move to PoS selling their PoW coins, the previous version with ASICs is worthless.

If you are so interested in these kinds of things, you should study the problem first. You seem to overlook some basics of Bitcoin. The current stakeholders, i.e. ASIC owners, have no interest in giving up their money printing press. To make changes to Bitcoin you need the consensus of those who have mining power and developers ("community consensus"). That community consensus is very clear.  Bitcoin will never move to PoS.

Yes, the question posed on the bitcoin-wizards irc channel was . . .

I need to work through the math of proof of stake consequences for blockchain forgery. I also have ideas for full nodes performing queries to several of the super-peers who in response give the current hash - similar to how SPV nodes trust the network, and which I now must study.

Not sure I get the question?

Transactions cannot be forged because all transactions
are signed using private keys.

A node cannot change that.

PoW or PoS creates consensus at the block level
and every block must cryptographically mesh or link
to the one before it.

Misbehaving node problem

With a hub and spoke network architecture, what guarantees that information received by the endpoints has not been corrupted by an intermediary? Satoshi solved this problem with proof-of-work embedded into the blockchain which makes forgery difficult.

How does proof of stake prevent forgery?

Bitcoin Proof-of-stake Super Peer Network Diagram

Here is a proposed network diagram for how Bitcoin scales to accommodate all the world's financial transactions plus the numerous additional transactions expected from transaction-bots, e.g. the Internet of Things. One of the illustrated super-peers is the temporary mint that creates the new block on the blockchain that contains all the new transactions that efficiently flow inbound from wallets at the spoke endpoints. Transactions reach the mint in at most 3 hops. New blocks efficiently flow in the opposite direction, from the temporary mint super peer out to the full nodes that verify and replicate the blockchain.

Unlike the current Bitcoin network, all connections are SSL/TLS encrypted with X.509 authentication at both endpoints. X.509 certificate management has not yet been designed. Satoshi's network protocol does not need encryption to protect the contents, yet why let anyone even count transactions before they reach the public blockchain?

Note that I have not yet designed the procedure to re-join two such networks after a catastrophic separation - the split brain problem.

Not directly related to your round-robin rotating single mint idea (which I still haven't fully wrapped my head around), but you may wish to add this to your reading list at the top of the thread:

http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

I like the creativity. Keep exploring and combinations and possibilities.  Maybe you will hit on something good.

The checkpointing that is used in bitcoin, is I think, related to the math probabilities I alluded to earlier.  The PoW scheme is not guaranteed to avoid a split network but diminishes in probability the wider the network is.  This just a hypothesis.  Someone needs to write it out though, and this will illuminate and clarify the possibilities for PoS.

After-the-fact Distributed Consensus and Repair

I proposed the super-peer, round-robin mint, as a solution to the decentralized consensus problem. Thoughtful critics have questioned the central power of the temporary mint. My initial response was to use a weak analogy with the mining pool situation today in which miners judge which pool is most honest. I think that response satisfactorily covers mining rewards, but says nothing about the risk under my scheme that the temporary mint could misbehave constructing the new block - then what?

I am now revisiting distributed consensus using the notion of checkpoint. Immediately after the new block is created by the temporary mint, there is one chance for collective malfeasance detection and repair. In my scheme, there are 100 well-compensated super peers having at least a total of 8,000 compensated full nodes - the current number - as direct clients. I task each of these with validating the performance of the temporary mint in the 10 minutes before the mint responsibility gets passed along to the next super peer.

Correct block creation should be easy to verify. Only a single new block may be added to the blockchain. All the transactions in the new block have been circulated around the super peer ring. They are well interconnected, so none get lost. The audit trail provided by the temporary mint explains how its algorithm selected or did not select particular transactions. Likewise the audit trail, available for algorithmic inspection, lists the aggregate stake-shares submitted by the temporary mint for its direct client full-nodes, as well as the aggregate stake-shares submitted by each of the super peers. The distributed block reward portions to each super peer can be verified. I mean to ensure that every aspect of the temporary mint's behavior provides justification that is subject to algorithmic verification by thousands of peers.

As a first thought, I suppose that a quorum of super peers and their respective full-node clients verify the actions of the temporary mint. If a certain number of them invalidate the actions of the temporary mint, then the new block is reverted in the same manner as current full nodes deal with a wrong fork. The reverted transactions join the set of those awaiting incorporation into a new block, and the next temporary peer recreates the new block. The misbehaving peer is algorithmically penalized, to an extent not yet designed.

I dub this idea "after-the-fact distributed consensus and repair", provided that it has not already been invented by one of the bright minds around here.

Could you suggest some web pages, documents or discussion threads here that I should study?

I am starting here . . . What are checkpoints in bitcoin code? and a critque . . .
Bitcoin code has checkpoints, controlled by centralized small group of people.

[update]

OK, I read a few posts and instantly got it. The Bitcoin Core code has blockchain data information encoded into it as constants, to prevent the full node from processing purported forks from before a developer-consensus date where those developers believe that the blockchain is immutable. This the sort of software engineering pragmatism that skirts the edge of the Satoshi Social Contract and one can understand the idealistic debate around it.

That empty debate is a precedent for what I need to do. The social contract is about certain unchangeable aspects of Satoshi's design. I believe that checkpoints are a great example of how the social contract is maintained while bowing to practical software engineering realities.

I, for one, am not critiquing other proof-of-stake implementations. The defense of NXT and PPC is up to their respective supporters, which can happen here as we all can learn from the debate.

The super-peer network I've proposed together with a round-robin single mint, is very attractive from a software engineering point of view. Namely 2 hops from transaction origination to blockchain. Only one confirmation is required. No redundant work. No orphans, No forks. Highly scalable with a high performance backbone which is a good thing because transaction growth is 3.2x annually.

Questions are focused on the super peers and the sorts of things that can go wrong with them. Answering these questions is my focus at the moment.

I believe using an approach like this in proof of stake sounds more feasible than in PoW.

You could implement a weighted, decentralized checkpoint system for PoS.  As per your example, the top 100 PoS wallets could be referenced for the checkpoint since we're relying on game theory to make any of this stuff work.  It doesn't seem like the majority of the top 100 peercoin/blackcoin/whatever wallets would be interested in destroying their investment.

I'm sure there's dozens of ways to weight checkpoint negotiation without using an arbitrary number like the top 100 wallets online as well.

Exactly: the correct departure point to start from.
If peercoin or especially nxt PoS consensus model does lack certain necessary conditions, then please address them mathematically.
This way you'll arrive into a math problem for which you can see what obstacles you have to overcome and pass to solve the problem theoretically first of all. An engineering approach is not always the best one when attacking a problem of fundamental nature.

Personal communication with andytoshi . . .


I will ponder your questions a bit. My solution necessitates centralization in order to avoid the distributed consensus problem.

I suppose that with a sufficient audit trail the other super peers and perhaps any validating full node can detect misbehavior after the fact. There is a degree of human trust in today's network. Miners trust pools to fairly deliver the corresponding rewards. Almost all the rewards are distributed in this manner. I argue that the algorithmic portion of the social contract already accommodates human trust. I make it no worse I think.

This delegation scheme is close I think to how the existing Bitcoin network actually creates coins. A mere dozen or so greatly centralized entities - the pools - create nearly all the coins.

I rely on people's judgement to select primary and backup pools because that works today. My reference pool implementation will publicly log, in a realtime manner, all the operation details for audit by anyone. Anyone can check the calculations of reward distribution and why-or-why-not particular new transactions were incorporated into the block.

The super peer network, and round robin single mint, are indeed centralized - but no more I argue than the current system.

Experts say that the distributed consensus problem prevents proof-of-stake from ever working. Rather than solve this problem that has stumped better minds than mine, I remove the distributed part. This stretches the Satoshi Social Contract but does not break it I argue, when compared to the pros and cons of the current system.

Here is how I think about the centralization scheme of this project. Could it defend itself against a particular adversarial legal jurisdiction? Yes, because the pools can be located anywhere in the world. If one pool is taken down or subjected to a DDoS attack, the super peer Chord ring automatically heals, and the disconnected full node clients automatically connect to the prearranged backup pool.

At this point I believe Satoshi's fears of government ban or reprisal are overblown, yet they are still possible. What is more likely to attack Bitcoin centralization are patent trolls emboldened by short sighted notions of software intellectual property protection and greedy for the large sums of money flowing now through the network. Suppose my code infringes on someone's patent claims. I am not afraid. Operators of pools and full-nodes have some degree of anonymity and can move around to avoid the trolls.

There is a need to continue the block reward schedule to preserve the Satoshi Social Contract. The value of bitcoin depends on our belief that what we bought into will not change, especially that it will not get worse. Getting rid of wasteful proof-of-work, which by trend grows to $5 billion sometime in 2015, is the main thing.

Satoshi created the notion of block rewards to motivate miners. In this project, the need for miners to provide wasted work is removed. The motivation to maintain the integrity of the network and blockchain is moved directly to pools who today create new blocks and to their client full nodes that validate and replicate the blockchain.

The Bitcoin network I propose in this project should be secured to financial enterprise class security and performance at a far lower expense than what the existing network is doing buying mining rigs that will certainly be junk in two years and for power.

But what to do with the surplus rewards? I say grant them because Satoshi created a  block reward schedule that this project is held to. I welcome your ideas on how to distribute the awards, in addition to ideas that I have.