Pages:
Author

Topic: Building the Next Generation of Crypto-Currency (developers required) - page 6. (Read 23571 times)

hero member
Activity: 770
Merit: 566
fractally
I think we should treat account ledger as just list of accounts. Account never changes its place on ledger unless it is emptied. This way we can address accounts by just its offset in ledger. This would enable us to make transaction a lot smaller because offset would fit in 5 bytes while public key is 32 bytes.
Great insight, except these slots can be reused if the balance reaches 0.  To safely use just offsets would require that the slot be empty for 24 hours or so before being reused.
sr. member
Activity: 359
Merit: 250
I recently stumbled across these two papers which show that it is possible to prove a 'hash' exists in a fixed sized accumulator.  This is the basis behind ZeroCoin.

http://www.cs.stevens.edu/~mdemare/pubs/owa.pdf
http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf
It is just theoretical work. We would need already implemented stable libraries.
sr. member
Activity: 309
Merit: 250
I recently stumbled across these two papers which show that it is possible to prove a 'hash' exists in a fixed sized accumulator.  This is the basis behind ZeroCoin.

But why we actually need an accumulator here? Can we just add the transactions to the block and mine it as usual? We can have a separate account ledger for any other currency to store balances.
sr. member
Activity: 309
Merit: 250
I think we should put design together in wiki before touching code.
I already made a page regarding account tree implementation. I think we should just stick with binary tree.
http://bitfreak.info/mbc-wiki/index.php?title=Account_Ledger

We should also choose the "slot" size optimaly for the Account Ledger tree.
We can use the results from http://ecommons.library.cornell.edu/bitstream/1813/5655/1/TR2004-1944.pdf
hero member
Activity: 770
Merit: 566
fractally
I have done Java, though c++ is my primary language.    I think that we need to solve some of the design details that are language independent first and if there is a solid java implementation then I could be tempted to go that route.  
I think we should put design together in wiki before touching code.
I already made a page regarding account tree implementation. I think we should just stick with binary tree.
http://bitfreak.info/mbc-wiki/index.php?title=Account_Ledger

EDIT:
Quote
1) move the nonce to the proof chain and replace the block-hash with an accumulator (see ZeroCoin), this would allow all mining efforts for all chains using the same 'proof of work' to support as many chains as possible with almost no extra work.   The nonce would only add 8 to 12 bytes per proof header and thus would not really affect the result.
As for merged mining I think it would be nice to include it, but I need to think it over. Do you know any good quality resources where it is described?
I recently stumbled across these two papers which show that it is possible to prove a 'hash' exists in a fixed sized accumulator.  This is the basis behind ZeroCoin.

http://www.cs.stevens.edu/~mdemare/pubs/owa.pdf
http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf
sr. member
Activity: 359
Merit: 250
I have done Java, though c++ is my primary language.    I think that we need to solve some of the design details that are language independent first and if there is a solid java implementation then I could be tempted to go that route.  
I think we should put design together in wiki before touching code.
I already made a page regarding account tree implementation. I think we should just stick with binary tree.
http://bitfreak.info/mbc-wiki/index.php?title=Account_Ledger

EDIT:
Quote
1) move the nonce to the proof chain and replace the block-hash with an accumulator (see ZeroCoin), this would allow all mining efforts for all chains using the same 'proof of work' to support as many chains as possible with almost no extra work.   The nonce would only add 8 to 12 bytes per proof header and thus would not really affect the result.
As for merged mining I think it would be nice to include it, but I need to think it over. Do you know any good quality resources where it is described?

Quote
Ultimately you need all accounts to be accessed via a hash table and to validate that you have the 'entire hash table'.   Moving addresses around within the sectors would cause significant overhead in updating your hash-table index that allows you to find the addresses quickly.  This might be 'unavoidable' if you want to minimize sync overhead as you would be trading CPU time for network time. 
I think we should treat account ledger as just list of accounts. Account never changes its place on ledger unless it is emptied. This way we can address accounts by just its offset in ledger. This would enable us to make transaction a lot smaller because offset would fit in 5 bytes while public key is 32 bytes.
hero member
Activity: 770
Merit: 566
fractally
Quote
The challenge here is that in the event of a chain split, this transaction could not be applied upon re-merging of the forked chain.  It also limits transactions to 'one per account per block' where as bitcoin could in theory have many different transaction per address provided they were all based upon different outputs and incoming transactions would not interfere with outgoing transactions.
This initial scheme wasn't as bad as you say. You could include any number of tx in same block, because versions changes was applied only during block inclusion.
Anyway I spotted weakness in this approach already and posted refined proposal in wiki few days ago.
http://bitfreak.info/mbc-wiki/index.php?title=Transaction_Signing

It looks like the solution posted on the wiki is the same solution I came up with, so we are all on the same page!   
hero member
Activity: 770
Merit: 566
fractally
I have done Java, though c++ is my primary language.    I think that we need to solve some of the design details that are language independent first and if there is a solid java implementation then I could be tempted to go that route.  

I have a strong need for many parallel chains with combined proof-of-work as a means of providing scaling beyond what a single chain could do.   So off of the top of my head some small changes I would make:

1) move the nonce to the proof chain and replace the block-hash with an accumulator (see ZeroCoin), this would allow all mining efforts for all chains using the same 'proof of work' to support as many chains as possible with almost no extra work.   The nonce would only add 8 to 12 bytes per proof header and thus would not really affect the result.

2) Define sector sizes and what goes in each sector.  Assuming you use something like sha224 you incur 28 bytes of overhead for each level in the merkel tree.  If you have a deep tree, then to 'address' a particular change would require 28 bytes per layer.   If you have a 'flat tree' then recalculating the root hash would require hashing your entire data set.    From a purely big-O stand point you want a hash tree that grows in depth as your data set grows.   The only question you have to consider is the 'branching factor' with 2 being the lowest and something on the order of 1 MB of accounts being the 'largest'.   From a network perspective, having each 'sector' of the dataset fit in a single UDP packet may be the right sector size.   Assuming each account is 48 bytes this means about 32 accounts per sector and each node in your merkel tree would in turn contain about 32 hashes 'children'.   The end result would be log32( total accounts size ) * sizeof(sha224) to prove a prove a particular 'account' has membership in the root hash.       Something to consider regarding making the sector size too large is the probability of a random transaction causing a change to a sector.   If 1% of all addresses see changes in every block and your sector size is 128 then chances are *every sector* will change every time and thus you have little savings.  

    To counter this 'random' behavior, free slots should be deterministically selected from the most-frequently changed sector first.   In fact each block should not just update/replace certain sector, but instead should 'sort' the addresses by least-recently accessed.   So, assume 5 addresses change in 5 different sectors resulting in 5*32 addresses that are part of a changed sector.   Users would have to fetch entire sectors at a time anyway so we might as well use the fact that these sectors have 'changed' to re-sort all 5 sectors moving the 5 changes into the same 'new sector' and moving the least recently changed into other sectors.   This will result in a 'hot set' and a 'cold' set and thus minimize the total number of sector fetches that must occur.  

   Ultimately you need all accounts to be accessed via a hash table and to validate that you have the 'entire hash table'.   Moving addresses around within the sectors would cause significant overhead in updating your hash-table index that allows you to find the addresses quickly.  This might be 'unavoidable' if you want to minimize sync overhead as you would be trading CPU time for network time.  

3) Identify how splits / remerges will be handled.  I think the white paper fails to properly handle this issue along with handling multiple transactions from a single account in a single block.
sr. member
Activity: 359
Merit: 250
Quote
The challenge here is that in the event of a chain split, this transaction could not be applied upon re-merging of the forked chain.  It also limits transactions to 'one per account per block' where as bitcoin could in theory have many different transaction per address provided they were all based upon different outputs and incoming transactions would not interfere with outgoing transactions.
This initial scheme wasn't as bad as you say. You could include any number of tx in same block, because versions changes was applied only during block inclusion.
Anyway I spotted weakness in this approach already and posted refined proposal in wiki few days ago.
http://bitfreak.info/mbc-wiki/index.php?title=Transaction_Signing
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Quote
The challenge here is that in the event of a chain split, this transaction could not be applied upon re-merging of the forked chain.  It also limits transactions to 'one per account per block' where as bitcoin could in theory have many different transaction per address provided they were all based upon different outputs and incoming transactions would not interfere with outgoing transactions.
That's a good observation which I hadn't realized. Although I'm having a bit of trouble seeing how your proposed solution would allow multiple transactions using the same account... my brain isn't working well today.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
The account tree structure and mini-block-chain approach is 100% the way I think things need to go.   I am attempting to implement a new blockchain and started designing something very similar to the white paper.   So on closer look, I have to give this approach strong backing.
We will have a github repo up very soon and it would help if you could contribute to the project. We plan to work with bitcoinj, are you any good with Java?
hero member
Activity: 770
Merit: 566
fractally
Quote
In order to make sure the same signed transaction isn't processed by the network more than
once, the signer of the transaction will need to include in the transaction the hash of any
accounts referenced as inputs for the transaction (we don't need to worry about the outputs
because we have no control over how those accounts change). After the transaction is
applied the accounts will have a different hash and therefore nodes will know not to accept
that same signed transaction again because they can see the account hashes don't match.

The challenge here is that in the event of a chain split, this transaction could not be applied upon re-merging of the forked chain.  It also limits transactions to 'one per account per block' where as bitcoin could in theory have many different transaction per address provided they were all based upon different outputs and incoming transactions would not interfere with outgoing transactions.

To address this issue transactions will need to include an 'initial and final' block number that they may be stored in, then the hash of the transaction must be stored until the 'final' block number in which it will expire to prevent double-spends.   Otherwise you assume all transactions make it into the account any other changes to that account and no one person has control over all changes to an account (after all someone else could send the account funds at the same time you send your trx). 

Conclusion, all transactions must have an expiration block number and must be stored until that date.  This could be as simple as including all transactions in the 'mini-block-chain' until they fall of the end, though I suspect they would only need to be kept around for 48 hours or so.
hero member
Activity: 770
Merit: 566
fractally
Quote
I believe that merged-mining was part of this next-gen crypto-currency
I don't believe that merged-mining is part of this scheme, although it would be a part of something like the ultimate blockchain compression scheme. It seems like you still aren't fully understanding the way this new scheme is designed to work.

I have read a lot of different papers on this forum, so I may have gotten some parts confused.  I went back to re-read the white paper to check to see what I thought I rememberd and what I was actually thinking of was the 'proof-of-work chain' in this system.   I was suggesting that it could be updated to use the accumulator method to allow any number of 'proofs' to be stored in the same proof-of-work chain and therefore it would be usable by every blockchain out there without increasing the size.

The account tree structure and mini-block-chain approach is 100% the way I think things need to go.   I am attempting to implement a new blockchain and started designing something very similar to the white paper.   So on closer look, I have to give this approach strong backing.   

legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Quote
I believe that merged-mining was part of this next-gen crypto-currency
I don't believe that merged-mining is part of this scheme, although it would be a part of something like the ultimate blockchain compression scheme. It seems like you still aren't fully understanding the way this new scheme is designed to work.
hero member
Activity: 770
Merit: 566
fractally
I believe that merged-mining was part of this next-gen crypto-currency,  I would like those following this thread to consider a new approach to scalable merged-mining that allows a 'fixed-size' proof-of-work regardless of the number of chains involved in merged-mining.

https://bitcointalksearch.org/topic/fixed-size-merged-mining-proof-of-work-1000s-of-chains-230120

full member
Activity: 130
Merit: 100
Instead of another "******Coin", it's better to take a good ISO currency code from the beginning, like Ripple did with XRP. It must start with X then. Something like XCC, i.e. CC for Crypto Currency.
Yeah I agree we should make the currency code begin with an X. And I would prefer to leave "coin" out of the same unless someone thinks of something extremely clever which hasn't been used already.

Why hasn't anyone used the term "credits" yet? Is it because it assumes a debt relationship?  XCC- Exchange Credits sounds so universal tho. 
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Instead of another "******Coin", it's better to take a good ISO currency code from the beginning, like Ripple did with XRP. It must start with X then. Something like XCC, i.e. CC for Crypto Currency.
Yeah I agree we should make the currency code begin with an X. And I would prefer to leave "coin" out of the name unless someone thinks of something extremely clever which hasn't been used already.
hero member
Activity: 686
Merit: 504
always the student, never the master.
if you need a name, how about NanoToken (NNO)
legendary
Activity: 965
Merit: 1000
BetterCoin ?
Better Crypto Currency => BCC ?
sr. member
Activity: 309
Merit: 250
Silly name ideas:
EverCoin (already suggested by another poster, b/c coin is sustainable, forever)
SmallCoin
TinyCoin
LittleCoin
ShortCoin
OneCoin (the one coin, to rule them all!)
Ethercoin (because the rest of the blockchain just vanishes into the ether)
BalanceCoin (b/c entire ledger history is not necessary, just the balance!)

Instead of another "******Coin", it's better to take a good ISO currency code from the beginning, like Ripple did with XRP. It must start with X then. Something like XCC, i.e. CC for Crypto Currency.
Pages:
Jump to: