Topic: [ANN][YAC] YACoin ongoing development - page 95. (Read 380091 times)

Here is an example I had in mind:
Rogue miner is mining private chain and when he gets far into the future he starts mining with higher difficulty than he thinks real difficulty will be at that time. If you just compare latest blocks when he releases his chain you might prefer his fork.

Remind you that I do not know how chain forks get compared in detail.

Yeah, but another flaw is that the protocol does not enforce alternation of PoW and PoS. Say an attacker somehow manages to make a chain that 100% alternates between PoW and PoS - it WILL have higher trust score and WILL overwrite the old chain. Also note that this type of attack will have lower energy cost than the network spent on its non-perfect chain. Perfect chain costs less (!!) than imperfect one.

However, if we were to actually enforce such alternation, pools will be starving when PoS block should be generated.

I think block reward (excluding transfer fees) is completely determined by difficulty of the block, and therefore, does not provide any information independent of difficulty. Not sure if it may simplify certain computation though.

I mentioned the PoS interval not as something directly related to chain trust calculation. Just that since we're going to have a hard fork anyway, may as well think broader about what else we may want to put in and change things in one go.

As mentioned before: PoS block spacing and thus occurrence can be controlled.

Difficulty alone is most useful for block to block comparrisson (but not only that).
I am trying to point out that PoW currency supply can be used as additional input for calculating chaintrust. It can be looked at as a historical difficulty average.

Even if you leave the attacker control over number of PoS blocks, you can still average the sum of PoW rewards over number of PoW blocks and use that as factor.

Not neccessarily true with eg. 50% PoS blocks in the attacker's chain.
Relying of PoW difficulty itself might be ok, though - see the pastebin a few posts higher.

Another thing regarding chaintrust calculation:

Since reward considers difficulty and get's lowered with higher difficulty, private miners would produce higher supply in equal timeframe.
EDIT: presuming PoS block count is equal or similar (but that can be enforced)

What we need is a proper way to calculate the chain trust.

Can we define the criteria that no one POS-block can orphan more than N POW-blocks? Where N for example = 7.

I had a similar idea a while ago (with no-consecutive-PoS rule, though): http://pastebin.com/L8THNBZ4
Not sure if lowering the PoS interval would help us much.

Is it ok to set the trust score for a POW block to be the difficulty? For a POS block, if the previous block is POW, assign the same trust score as that POW block; if the previous block is POS, divide that POS block score by 2 (or a similar factor)? The propagation of a POW block score through the following POS blocks would then die down quickly. The score for any chain is just the sum of scores from individual blocks. I'm not sure whether N factor need to be accounted for here.

The basic issue seems to be that there is no obvious way to compare the trustworthiness of a POW and a POS block. POW blocks can be compared with difficulty, which is tied to how costly it is to generate them on average. POS block doesn't have any obvious cost of generation that can be compared. If I'm not mistaken, YACoin is currently using coin-age for this comparison in a way that greatly favours POS, hence the potential for a POS block to be selected over a long sequence of POW blocks. However, coin-age isn't a cost at all because there is no alternative use for it. The money you use in POW mining is a cost because there are some other nice things you can use the money on, and you sacrificed that opportunity. In the above suggestion, I'm just trying to rate a POS block similarly as a POW block at the time, unless it's following another POS block. The part about getting lower trust score if the previous block is POS, is not because I want to put POS on a lesser footing. It's just because I don't want the influence of an individual POW block to propagate far.

In any case, regarding some kind of criteria for keeping POS:POW blocks ratio near an expected/optimum value, the following need to be considered. Let's say you increase or decrease the score of a chain based on how close the POS:POW ratio is to 1:10. Denote POS block by S and POW by W. A short sequence like WWW may then be chosen over a sequence like SWS at some point in time. However, that could then quite easily be followed by 20 W's. Considered as a 23 blocks chain together with the 20 W's, the previously rejected SWS segment could then have a very favourable role to play in the score. The point is if trust score depends on some larger scale features of the blockchain which span many blocks, the score contribution of an individual block can change over time, from unfavourable to favourable in this example. The very same criteria that leads to rejection of some blocks, could turn around and value those highly at a later point. Having a score assignment criteria that looks farther into the past should also provide more opportunities for this effect to show.

Another question I think we should think about now is whether the block target for POS should be decreased. For example, changing it from 10min to 5min could make it more helpful in case POW is generating too few blocks, but the average block numbers per 10 minutes is only changing from 11 to 12.

1.
Private mining needs wider timespans between PoW blocks in order to keep difficulty low.

	t1	t2	t3	t4	t5
◔	▉	▉	▉	▉	▉

Average of PoW block intervals ( t[ i+1 ]-t[ i ] ) should be therefore longer with fake chains. And that can be used for chaintrust calculation.


2.
Window for one PoS block opens randomly

Prevents miners to exclude PoS blocks and replace it with more profitable PoW. I think it also makes it a bit harder to prepare for network takeover with private PoW mining on lower difficulty after PoS is found. With shortening intervals on each Nfactor change it also enables gradual PoS mechanism takeover.

Example formula: mod(last1440blocks.getTransactionCount(), x) ==  0
X could range from 500 ( approx. 1-3 times a day ) down to 10 (every ten minutes).


3.
No two consecutive PoS blocks allowed (prevents PoW block orphaning)

---

What would be an possible attack scenario or significant shortcoming if this is implemented?

I think I have a solution (not centralized) for comparing different blockchain forks.
However I need some more information.

How do yacoin clients fetch data from other peers - do they ask for latest block and then get them one by one by previous block link or do they go in other direction and ask peers for next block from the time of their most recent block on disk?

You can generate PoS blocks without even trying and as it is now, they can "overwrite history", which is bad.
For PoW, however, you must spend a lot of electricity so it actually costs you something (quite a lot) trying to change history.

It's forked from an older version of Novacoin.

Since YACoin is a fork of NovaCoin, who it not have this feature already it it? I mean YACoin comes from Novacoin.

I can't seem to wrap my mind around it, why is POS untrustworthy and POW trustworthy? So I have to trust a miner who has millions and millions of hashing power that he will not generate dozens of blocks in a series? That happens now, everyday and no one seems to care.

If it's cryptsy's cold storage with YAC trading still disabled and some people too lazy to withdraw, though...

That was my first thought too - It might be bter or crypsty. 

If it is, we should see coins coming and going from the wallet as well.