What's to stop the double spender sending the same proof to both parties involved in the attempted double spend?
Cryptography.
Topic: Are instantly confirmed decentralized transactions even theoretically possible? - page 2. (Read 4435 times)
October 02, 2015, 01:20:57 PM
Cryptography.
October 02, 2015, 01:11:44 PM
Thank you for the math, but what about the idea of providing the proof that coins weren't spent and won't be doublespent? Depending on your definition of "decentralized" I might describe a system that will work.
What's to stop the double spender sending the same proof to both parties involved in the attempted double spend?
October 02, 2015, 12:54:11 PM
As I pointed upthread, quantum cryptography may give us instant confirmations even with finite speed of light (and CAP theorem).
October 02, 2015, 12:28:54 PM
Regarding the speed of light:
Of course it would be limited by the speed of light; let's not go full retard here. I suppose I should be more precise: by 'instant', I am obviously referring to 'within seconds'.
Of course it would be limited by the speed of light; let's not go full retard here. I suppose I should be more precise: by 'instant', I am obviously referring to 'within seconds'.
If you assume the speed of light is infinite then, yes, I believe that instant confirmations would be theoretically possible in a decentralized network.
Like I said early, even considering the actual speed of light and the actual size of the Earth, I believe with a sophisticated protocol and advanced networking hardware, it would be theoretically possible to achieve confirmation times measured in seconds.
October 02, 2015, 11:51:24 AM
It doesn't matter what POW/POS/POx you employ, instant (as in confirmed at time of creation) transactions are a daydream.
Regarding the speed of light:
Of course it would be limited by the speed of light; let's not go full retard here. I suppose I should be more precise: by 'instant', I am obviously referring to 'within seconds'.
John-Conner has supopsedly created a system that allows almost instantaneous transfers, while having the difficulty of a doublespend improbable. obviously not impossible.
you would have to ask him about it.
you would have to ask him about it.
I have studied this vanilla coin and most of the mathematical experts I have asked about it claim that its implementation is suceptible to Sybil attacks. As well, this coin stole a lot of code from bitcoin and other alts. And on top of that, the dev has lied and spun stories endlessly and at this point has completely destroyed all notion of credibility. Unless I hear a mathematical guru that I trust do a review of one of these "white papers" that they like to put out, and tell me it's 100% solid, I have no faith in it.
Lol Ok lets not go full retard, but I don't "read between the lines" when technical questions are asked, if/when that starts to happen people get confused
If your timescale is 5-10 seconds or so, then yes it is possible to do although with some caveats. Depending on the architecture of the platform you may run into other issues that you have to consider (block chain + fast block time = high orphan rates = inefficient use of network bandwidth).
If you want to go faster than that, then you need a different architecture entirely, block chains don't play well with block times < 5s unless you start to move to a semi-centralized operation.
Regarding vanilla coin, it is susceptible to Sybil attacks and you can DoS the zero-time feature fairly easily from my understanding of its operation.
October 02, 2015, 10:21:27 AM
You may take a look at MaidSafe, a fully encrypted P2P file storage (think RAID over users' machines) and computing platform that claims to not require any blockchain.
Their integrated SafeCoin would work just like physical cash, i.e. instant transactions, no blockchain required, full anonymity, because their coin data-structure (just like any piece of data in the system) will be de-duplicated before distribution to users' nodes, hence *double*-spending is prevented already a-priori.
The question of course is then about the security of their over-all system. The problem at this level would appear to be mainly Sybil attacks. They claim to employ a "proof-of-resource" along with a node-ranking system. As development isn't finished, the system hasn't been proven to work in theory (3rd party academic peer reviews), let alone in practice yet.
Their integrated SafeCoin would work just like physical cash, i.e. instant transactions, no blockchain required, full anonymity, because their coin data-structure (just like any piece of data in the system) will be de-duplicated before distribution to users' nodes, hence *double*-spending is prevented already a-priori.
The question of course is then about the security of their over-all system. The problem at this level would appear to be mainly Sybil attacks. They claim to employ a "proof-of-resource" along with a node-ranking system. As development isn't finished, the system hasn't been proven to work in theory (3rd party academic peer reviews), let alone in practice yet.
October 02, 2015, 10:03:36 AM
It doesn't matter what POW/POS/POx you employ, instant (as in confirmed at time of creation) transactions are a daydream.
Regarding the speed of light:
Of course it would be limited by the speed of light; let's not go full retard here. I suppose I should be more precise: by 'instant', I am obviously referring to 'within seconds'.
John-Conner has supopsedly created a system that allows almost instantaneous transfers, while having the difficulty of a doublespend improbable. obviously not impossible.
you would have to ask him about it.
you would have to ask him about it.
I have studied this vanilla coin and most of the mathematical experts I have asked about it claim that its implementation is suceptible to Sybil attacks. As well, this coin stole a lot of code from bitcoin and other alts. And on top of that, the dev has lied and spun stories endlessly and at this point has completely destroyed all notion of credibility. Unless I hear a mathematical guru that I trust do a review of one of these "white papers" that they like to put out, and tell me it's 100% solid, I have no faith in it.
October 02, 2015, 09:08:57 AM
CAP theorem suggests otherwise...
https://en.wikipedia.org/wiki/CAP_theorem
For a transaction to be instantly considered confirmed, all requirements of CAP theorem would have to be fulfilled, and it is generally agreed that this can not be achieved.
More simply, all nodes in the network would have to receive it at exactly that moment...which is of course not possible due to the speed of light limit.
It doesn't matter what POW/POS/POx you employ, instant (as in confirmed at time of creation) transactions are a daydream.
https://en.wikipedia.org/wiki/CAP_theorem
For a transaction to be instantly considered confirmed, all requirements of CAP theorem would have to be fulfilled, and it is generally agreed that this can not be achieved.
More simply, all nodes in the network would have to receive it at exactly that moment...which is of course not possible due to the speed of light limit.
It doesn't matter what POW/POS/POx you employ, instant (as in confirmed at time of creation) transactions are a daydream.
October 01, 2015, 09:33:25 PM
John-Conner has supopsedly created a system that allows almost instantaneous transfers, while having the difficulty of a doublespend improbable. obviously not impossible.
you would have to ask him about it.
you would have to ask him about it.
October 01, 2015, 04:30:55 PM
I am assuming a Bitcoin-like protocol and decentralization achieved with some sort of PoW process. I suppose what you're suggesting is possible if you can truly provide proof that the coins weren't and won't be double spent; however, I can't see how that would possible for any definition of the word "decentralized" that I would consider useful.
I have one PoW-based process in mind, but it's not Bitcoin-like. In your case I can propose nothing valuable.
October 01, 2015, 04:21:04 PM
If the size of the network is nonzero then the answer is no simply because of the speed-of-light constraints for the propagation of information across the network. For example, the circumference of the earth is approximately 40 million meters. The speed of light is approximately 300 million meters per second. Therefore it takes about 0.13 seconds for a signal to propagate once around the Earth. Now nodes within the network need to send information back and forth in order to come to consensus so the actual theoretically minimal consensus time is probably at least an order of magnitude greater than this.
TL/DR: no, but it may be possible on a time scale on the order of seconds under ideal conditions and using sophisticated networking hardware and a highly optimized protocol.
TL/DR: no, but it may be possible on a time scale on the order of seconds under ideal conditions and using sophisticated networking hardware and a highly optimized protocol.
Thank you for the math, but what about the idea of providing the proof that coins weren't spent and won't be doublespent? Depending on your definition of "decentralized" I might describe a system that will work.
I am assuming a Bitcoin-like protocol and decentralization achieved with some sort of PoW process. I suppose what you're suggesting is possible if you can truly provide proof that the coins weren't and won't be double spent; however, I can't see how that would possible for any definition of the word "decentralized" that I would consider useful.
October 01, 2015, 04:14:25 PM
If the size of the network is nonzero then the answer is no simply because of the speed-of-light constraints for the propagation of information across the network. For example, the circumference of the earth is approximately 40 million meters. The speed of light is approximately 300 million meters per second. Therefore it takes about 0.13 seconds for a signal to propagate once around the Earth. Now nodes within the network need to send information back and forth in order to come to consensus so the actual theoretically minimal consensus time is probably at least an order of magnitude greater than this.
TL/DR: no, but it may be possible on a time scale on the order of seconds under ideal conditions and using sophisticated networking hardware and a highly optimized protocol.
TL/DR: no, but it may be possible on a time scale on the order of seconds under ideal conditions and using sophisticated networking hardware and a highly optimized protocol.
Thank you for the math, but what about the idea of providing the proof that coins weren't spent and won't be doublespent? Depending on your definition of "decentralized" I might describe a system that will work.
October 01, 2015, 03:55:57 PM
If the size of the network is nonzero then the answer is no simply because of the speed-of-light constraints for the propagation of information across the network. For example, the circumference of the earth is approximately 40 million meters. The speed of light is approximately 300 million meters per second. Therefore it takes about 0.13 seconds for a signal to propagate once around the Earth. Now nodes within the network need to send information back and forth in order to come to consensus so the actual theoretically minimal consensus time is probably at least an order of magnitude greater than this.
TL/DR: no, but it may be possible on a time scale on the order of seconds under ideal conditions and using sophisticated networking hardware and a highly optimized protocol.
TL/DR: no, but it may be possible on a time scale on the order of seconds under ideal conditions and using sophisticated networking hardware and a highly optimized protocol.
October 01, 2015, 03:41:06 PM
OP this is an excellent question. The currently accepted answer is: no... The best attempt at solving the trustless P2P double spend problem is POW, which is far from being instant.
Even if you used a scheme where the private key was single use (A->B) and as soon as you signed a transaction the old private key was invalid this still does not help because you can still present the same key to two different parties in a race attack (A->B) and (A->C) - you still have the same problem. More here: https://bitcointalksearch.org/topic/one-time-signatures-to-prevent-double-spends-1129388
IMO the best we can hope for is probabilistically hard double spends with a more extreme difficulty curve than we have currently - producing old blocks is exponentially difficult in the number of blocks in POW, so if we can increase that exponent, along with reducing the block time, we can get close to instant without actually having truly instant confirmations.
Even if you used a scheme where the private key was single use (A->B) and as soon as you signed a transaction the old private key was invalid this still does not help because you can still present the same key to two different parties in a race attack (A->B) and (A->C) - you still have the same problem. More here: https://bitcointalksearch.org/topic/one-time-signatures-to-prevent-double-spends-1129388
IMO the best we can hope for is probabilistically hard double spends with a more extreme difficulty curve than we have currently - producing old blocks is exponentially difficult in the number of blocks in POW, so if we can increase that exponent, along with reducing the block time, we can get close to instant without actually having truly instant confirmations.
October 01, 2015, 02:59:32 PM
How, even logically, would a transaction be able to contain a proof that it has not been spent *anywhere* else on the network unless that transaction also includes a snapshot of the entire state of the network with it?
Check https://en.wikipedia.org/wiki/No-cloning_theorem, hypothetically you can measure level of the noise and assess how many times one particular coin was copied.
October 01, 2015, 02:20:24 PM
imho it is just not possible because it is somehow against decentralization model/design. because information must somehow spread over the network, it takes some machine time for distribution and communications within internet with other machines and considering this..well, it simply can't be instant.
If a transaction contains a proof that its money wasn't spent before and won't be spent in the future then it can be sent to the merchant and instantly accepted.
Come from Beyond you are talking about your Dagcoin proposal again from what I can tell.
I've tried to understand it, but it would appear that one of us is a fool in this matter (don't worry, I'm betting on me).
How, even logically, would a transaction be able to contain a proof that it has not been spent *anywhere* else on the network unless that transaction also includes a snapshot of the entire state of the network with it?
October 01, 2015, 02:15:22 PM
imho it is just not possible because it is somehow against decentralization model/design. because information must somehow spread over the network, it takes some machine time for distribution and communications within internet with other machines and considering this..well, it simply can't be instant.
If a transaction contains a proof that its money wasn't spent before and won't be spent in the future then it can be sent to the merchant and instantly accepted.
October 01, 2015, 02:08:04 PM
I guess the question is best framed as "Is there a decentralized way to have instant confirmations and a secure network?"
ahh now I get it what you mean..
imho it is just not possible because it is somehow against decentralization model/design. because information must somehow spread over the network, it takes some machine time for distribution and communications within internet with other machines and considering this..well, it simply can't be instant.
correct me, if I'm wrong here, but this is my understanding of p2p systems generally. so imho, it is not even theoretically possible. but looking forward for another thoughts related to this..
October 01, 2015, 01:07:08 PM
I'm not protocol experts or something, but instant confirmations is imho against core principle of bitcoin called Pow (https://en.bitcoin.it/wiki/Proof_of_work)
generally, you have to wait until TX is confirmed by next mined block. to opt-out this waiting, another concept have to be used..
anyway, theoretically, there are some ways: https://www.cryptocoinsnews.com/3-solutions-instant-bitcoin-confirmations/
generally, you have to wait until TX is confirmed by next mined block. to opt-out this waiting, another concept have to be used..
anyway, theoretically, there are some ways: https://www.cryptocoinsnews.com/3-solutions-instant-bitcoin-confirmations/
Yes, but all three of those supposed methods rely on centralization.
I guess the question is best framed as "Is there a decentralized way to have instant confirmations and a secure network?"
October 01, 2015, 10:42:05 AM
I'm not protocol experts or something, but instant confirmations is imho against core principle of bitcoin called Pow (https://en.bitcoin.it/wiki/Proof_of_work)
generally, you have to wait until TX is confirmed by next mined block. to opt-out this waiting, another concept have to be used..
anyway, theoretically, there are some ways: https://www.cryptocoinsnews.com/3-solutions-instant-bitcoin-confirmations/
generally, you have to wait until TX is confirmed by next mined block. to opt-out this waiting, another concept have to be used..
anyway, theoretically, there are some ways: https://www.cryptocoinsnews.com/3-solutions-instant-bitcoin-confirmations/
Jump to: