Just saying I predicted the iPhone (and Bitcoin) two (and three) years before it happened (note after this email I was evaluating the PDAs such as Nokia 770):
---------------------------- Original Message ----------------------------
Subject: Elaboration of why u will need a wireless handheld computer, and also an apology
From: Shelby
Date: Tue, November 15, 2005 1:45 pm
To: "TonyT" <[email protected]>
Cc: "Mom" <[email protected]>
--------------------------------------------------------------------------
Tony,
Apologies if my tone yesterday was "forceful". I was in an internet cafe
using a crappy keyboard in which the keys were sticking (backspace, cursor
arrows, some letters, etc) and I was irritated from typing a longer, more
"considerate" tone.
The above is one reason why handhelds are needed in PI.
But regarding you, one reason you will need a handheld is electronic
money. When you go to a job in future, you will be paid not with a credit
card, but with something like Paypal, and you will need a computer to do
it.
Of course you can carry your bulkier notebook, but for a measily $200, you
will find it convenient to carry a handheld, versus buying a new card or
notebook for doing WiFiMax.
My point is there will be applications that you can not forsee at this time.
There always are when some revolutionary core technology hits (e.g.
internet).
As for slow adoption, the reason things move slowly in any industry is
because of big corporations are conservative (do not like to cannabalize
existing sales with unproved replacement technologies). There are so many
examples of this. Celluar 4G is the most applicable to WiFiMAX.
But please realize that the reason that WiFi took off exponentially
(defying such slow adoption stigma), is that it could be installed by
individuals. That was the key to the internet explosion, and the PC
explosion. When power is given to individuals to make drastic efficiency
improvements in their lives, then lifeform growth in the history of nature
always booms (and busts) exponentially, not linearly.
Thus if WiFiMAX can be installed by individuals, small institutions, local
govts, civic organizations, clubs, neighborhoods, etc, then expect it will
be like the internet was, in 1994 only a few people like myself were aware
of it, by 1995 about 10% were using it, and by 1996 everyone was aware and
using it or preparing to try it.
---------------------------- Original Message ----------------------------
Subject: MORE: Re: internet phone
From: "Shelby"
Date: Thu, June 15, 2006 3:09 am
To: "Mom" <[email protected]>
--------------------------------------------------------------------------
The quality of sound in Skype is purportedly exceptional because it uses a
P2P (peer-to-peer) load sharing network.
Skype is free when calling any one using a Skype. It is free to landlines
and mobile until end of 2006, then it will cost a little for that.
The whole point of Skype, is if your friends download skype, then you can
call them free forever.
If they don't want to download, or don't want to be tied to one computer,
they can buy a Skype-enabled phone, which either plugs into any USB port,
or in future ones which are standalone using WiFiMAX. Many cities are
adding WiFiMAX for free. Google and Intel are pushing WiFiMAX movement.
The telco network is a dinasour. With Skype you could call free to
Philippines for example, as long as I have Skype. And much better quality
than they iconnecthere.com one I use now. I just haven't had time to
switch yet...
==============
That locks you down to one location (your home broadband net connection)
and one provider (e.g. Earthlink or your Cable company).
That is not the future. The future is mobile.
Here is what you should transistion to over time (owned by eBay and
partnered with Google):
http://skype.com/
You can buy a mobile phone that works with Skype at RadioShack. For now,
they only have the $40 ones which plug into USB of any computer, so you
can use from any where.
In future, they will have WiFiMAX ones which work just like mobile phone
(no wires), except without the telco monopoly charges.
> What do you think of this?
> https://store.earthlink.net/cgi-bin/wsisa.dll/store/product.html?product=euvvoip
>
> I'm assuming one downside would be that when my net connection is down
my phone would be down too.
Topic: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) - page 10. (Read 91140 times)
January 03, 2017, 09:58:53 AM
December 29, 2016, 11:21:58 PM
I just stumbled upon Solidus, a proposed Cryptocurrency based on permissionless Byzantine Consensus:
Solidus uses PoW for leader election to adapt the Practical Byzantine Fault Tolerance (PBFT) protocol to a permissionless setting. It comes with a whole set of incentive
mechanisms for different kinds of actions. As far as I can tell, it's far more sophisticated than BitcoinNG and ByzCoin and (promises) offers quite some advantages over them. However, it still relies on the assumption that at least 2/3 of the computing power is controlled by honest nodes.
Quote
In summary, this work presents Solidus, a scalable and incentive compatible cryptocurrency based on a fault-tolerant committee and permissionless Byzantine consensus. It is secure against withholding attacks such as selfish mining and provides instantaneous confirmation of transactions. Perhaps a limitation of Solidus is that the protocol is currently rather complex. It remains interesting future work to simplify and improve the Solidus protocol.
Solidus uses PoW for leader election to adapt the Practical Byzantine Fault Tolerance (PBFT) protocol to a permissionless setting. It comes with a whole set of incentive
mechanisms for different kinds of actions. As far as I can tell, it's far more sophisticated than BitcoinNG and ByzCoin and (promises) offers quite some advantages over them. However, it still relies on the assumption that at least 2/3 of the computing power is controlled by honest nodes.
The PBFT protocol is notoriously complicated! There is a derivative called RAFT that is simpler and easier to develop, but there is still a lot of complexity involved.
It's a novel idea though, one that I myself briefly researched quite some time ago, but I decided to steer clear of modifying traditional Byzantine consensus algorithms with POW/POS et all for a number of reasons.
Traditional byzantine consensus algorithms are designed to be used in private/permissioned systems (which is why a lot of companies touting private blockchains are using them as their consensus foundation).
They make an implicit assumption that the majority of actors in the system are permissioned, and that faults will most likely be hardware failures, connection issues and such....not actors that defect maliciously.
From their inception that assumption has held largely true and they have performed very well at enabling fault tolerant synchronization of data-centers and the like across the globe for many years, with almost all of the big centralized players using some variation of PBFT/RAFT to do so.
Permissionless however is a different beast altogether. Using POW as the function to determine leadership is a nice idea, and it does mitigate Sybil to a large degree...but...that still leaves a rather large problem...DDOS.
I skimmed the paper that you mentioned and I could find no mechanism detailed to prevent DDoS (perhaps I missed it? I plan to read in more detail tomorrow as its 4AM now). It mentions at the end of the paper that DDoS is harder to perform due to the committee, but the presence of the committee, while it might help to prevent complete stalls, doesn't appear to reduce disruption possibilities IMO. For the record the ease of DDoS, and the difficulty in guarding against them was the main issue that caused me to swiftly abandon my own research.
The issue lies in the fact that with a permissionless leader based Byzantine algorithm, it is trivial to discover who you need to DDoS to disrupt the network as you are internal to the network itself!
The "timeouts" of PBFT are required so that a node can monitor the current leader and signal when it thinks an election process is required. It also means you know who to attack so that an election signal is broadcast from the network majority, the processes is triggered, and once complete, you now know your new target.
Repeating that process can deadlock the network in a never ending cycle of elections where no transactions get processed (or processed very slowly).
This DDoS technique is more difficult in a permissioned environment as you are unable to determine who is the leader of that network unless you have managed to obtain permission. Even then, safe-guards can be implemented that can detect DDoS attacks much easier and ban or remove that node from the network topology and revoke connection permissions.
With permissionless thats not possible, obviously, as the attacker just spins up another node and re-connects and is immediately able to discover who to attack.
December 29, 2016, 01:17:24 PM
I just stumbled upon Solidus, a proposed Cryptocurrency based on permissionless Byzantine Consensus:
Solidus uses PoW for leader election to adapt the Practical Byzantine Fault Tolerance (PBFT) protocol to a permissionless setting. It comes with a whole set of incentive
mechanisms for different kinds of actions. As far as I can tell, it's far more sophisticated than BitcoinNG and ByzCoin and (promises) offers quite some advantages over them. However, it still relies on the assumption that at least 2/3 of the computing power is controlled by honest nodes.
Quote
In summary, this work presents Solidus, a scalable and incentive compatible cryptocurrency based on a fault-tolerant committee and permissionless Byzantine consensus. It is secure against withholding attacks such as selfish mining and provides instantaneous confirmation of transactions. Perhaps a limitation of Solidus is that the protocol is currently rather complex. It remains interesting future work to simplify and improve the Solidus protocol.
Solidus uses PoW for leader election to adapt the Practical Byzantine Fault Tolerance (PBFT) protocol to a permissionless setting. It comes with a whole set of incentive
mechanisms for different kinds of actions. As far as I can tell, it's far more sophisticated than BitcoinNG and ByzCoin and (promises) offers quite some advantages over them. However, it still relies on the assumption that at least 2/3 of the computing power is controlled by honest nodes.
December 24, 2016, 08:52:02 PM
Btw, if you are wondering how my design solves the Scalepolcapyspe winner-take-all power vacuum problem of crypto-currency:
Homeostasis
Homeostasis
December 23, 2016, 08:56:42 AM
Don't get overly excited about Teechan:
Quote from: http://hackingdistributed.com/2016/12/22/scaling-bitcoin-with-secure-hardware/#comment-3065860665
Aren't we trusting that the manufacturer's key (for the endorsement certificate of the attestation key) isn't compromised or given away to for example the NSA?
Also apparently there may be some hidden licensing capability in SGX.
The last paragraph of section 6 Related Work in your paper explains that you've done nothing to solve a routing network which is the one of the main insoluble flaws of LN because it will only scale with centralization, so it is disingenuous or slightly confusing to imply in this blog (from the perspective of unsophisticated readers) that your invention can be used to do anything remotely useful with Bitcoin as it is today.
Also payment channels do nothing for real-time blockchain updates for features other than payments, such as Steem(it)'s social networking on a blockchain updates. Payment channels are a narrow application of a blockchain.
Also apparently there may be some hidden licensing capability in SGX.
The last paragraph of section 6 Related Work in your paper explains that you've done nothing to solve a routing network which is the one of the main insoluble flaws of LN because it will only scale with centralization, so it is disingenuous or slightly confusing to imply in this blog (from the perspective of unsophisticated readers) that your invention can be used to do anything remotely useful with Bitcoin as it is today.
Also payment channels do nothing for real-time blockchain updates for features other than payments, such as Steem(it)'s social networking on a blockchain updates. Payment channels are a narrow application of a blockchain.
Don't get me started on LN lol
It's been hyped up to solve scalability, but it's only useful in a finite number of use cases. For most day to day use cases it's....well....useless!
December 23, 2016, 06:50:34 AM
Don't get overly excited about Teechan:
Quote from: http://hackingdistributed.com/2016/12/22/scaling-bitcoin-with-secure-hardware/#comment-3065860665
Aren't we trusting that the manufacturer's key (for the endorsement certificate of the attestation key) isn't compromised or given away to for example the NSA?
Also apparently there may be some hidden licensing capability in SGX.
The last paragraph of section 6 Related Work in your paper explains that you've done nothing to solve a routing network which is the one of the main insoluble flaws of LN because it will only scale with centralization, so it is disingenuous or slightly confusing to imply in this blog (from the perspective of unsophisticated readers) that your invention can be used to do anything remotely useful with Bitcoin as it is today.
Also payment channels do nothing for real-time blockchain updates for features other than payments, such as Steem(it)'s social networking on a blockchain updates. Payment channels are a narrow application of a blockchain.
Also apparently there may be some hidden licensing capability in SGX.
The last paragraph of section 6 Related Work in your paper explains that you've done nothing to solve a routing network which is the one of the main insoluble flaws of LN because it will only scale with centralization, so it is disingenuous or slightly confusing to imply in this blog (from the perspective of unsophisticated readers) that your invention can be used to do anything remotely useful with Bitcoin as it is today.
Also payment channels do nothing for real-time blockchain updates for features other than payments, such as Steem(it)'s social networking on a blockchain updates. Payment channels are a narrow application of a blockchain.
December 22, 2016, 02:11:01 PM
There are many cases where you might see conflicting transactions in the network that we're broadcast legitimately by honest users.
An obvious one that springs to mind is a company that has a number of nodes across the planet and is processing payments in some form. If one (or more) of the nodes are subject to some lag, they might create and broadcast a payment that already exists via some smart-contract logic perhaps, yet the producing node is not aware of it being a duplicate due to lag (or any other reason).
That's not being dishonest and is a legitimate case that can, and will happen.
An obvious one that springs to mind is a company that has a number of nodes across the planet and is processing payments in some form. If one (or more) of the nodes are subject to some lag, they might create and broadcast a payment that already exists via some smart-contract logic perhaps, yet the producing node is not aware of it being a duplicate due to lag (or any other reason).
That's not being dishonest and is a legitimate case that can, and will happen.
Good point. Their requirement is basically one of requiring external synchronization, but asynchrony is the norm on networks. Synchrony is generally impossible.
I added the following edit to my comment at Medium:
Quote
Edit: Fuserleer (eMunie developer) has pointed out that this requires external synchronization which is generally impossible on networks, e.g. wherein a company has multiple nodes across the network which issue transactions asynchronously. Thus employing the blockchain as the synchronization mechanism. If the company tried to employ their own blockchain for synchronization, then forwarded the transactions to your blockchain, then it requires one node to synchronize to do the forwarding, which is not resilient. In general, asynchrony can’t be avoided.
Right! It is also impossible to determine with any accuracy that a node which is performing outside of the expected realms is either dishonest or simply faulty.
Simply whitewashing all faults as being dishonest actions is 100% the wrong decision, if anything it should be the opposite. Effort should be made to guard against all faults in a manner that permits total recovery of the network. Recovery of the node, total if possible, partial if not, should also be a stretch goal. Both recovery mechanisms should operate without penalization of any sort against a faulty node.
December 22, 2016, 01:24:50 PM
There are many cases where you might see conflicting transactions in the network that we're broadcast legitimately by honest users.
An obvious one that springs to mind is a company that has a number of nodes across the planet and is processing payments in some form. If one (or more) of the nodes are subject to some lag, they might create and broadcast a payment that already exists via some smart-contract logic perhaps, yet the producing node is not aware of it being a duplicate due to lag (or any other reason).
That's not being dishonest and is a legitimate case that can, and will happen.
An obvious one that springs to mind is a company that has a number of nodes across the planet and is processing payments in some form. If one (or more) of the nodes are subject to some lag, they might create and broadcast a payment that already exists via some smart-contract logic perhaps, yet the producing node is not aware of it being a duplicate due to lag (or any other reason).
That's not being dishonest and is a legitimate case that can, and will happen.
Good point. Their requirement is basically one of requiring external synchronization, but asynchrony is the norm on networks. Synchrony is generally impossible.
I added the following edit to my comment at Medium:
Quote
Edit: Fuserleer (eMunie developer) has pointed out that this requires external synchronization which is generally impossible on networks, e.g. wherein a company has multiple nodes across the network which issue transactions asynchronously. Thus employing the blockchain as the synchronization mechanism. If the company tried to employ their own blockchain for synchronization, then forwarded the transactions to your blockchain, then it requires one node to synchronize to do the forwarding, which is not resilient. In general, asynchrony can’t be avoided.
December 22, 2016, 06:59:47 AM
My off-the-top-of-my-head quick list of issues with SPECTRE:
https://medium.com/@shelby_78386/quoting-from-the-whitepaper-29e9fbc0ebec#.f4n0rdaho
https://medium.com/@shelby_78386/quoting-from-the-whitepaper-29e9fbc0ebec#.f4n0rdaho
Quote
Quote
two conflicting payments that are published concurrently could only have been created by a dishonest user
Afaics, this fundamental assumption which your design hinges on, does not work in a crypto-currency system.
What if a user needs to increase the transaction fee paid because none of the miners are including the transaction?
WOW!
I've not read the whitepaper, but reading that except from your analysis...I stopped right there.
Are they really basing critical consensus actions on that assumption?
There are many cases where you might see conflicting transactions in the network that we're broadcast legitimately by honest users.
An obvious one that springs to mind is a company that has a number of nodes across the planet and is processing payments in some form. If one (or more) of the nodes are subject to some lag, they might create and broadcast a payment that already exists via some smart-contract logic perhaps, yet the producing node is not aware of it being a duplicate due to lag (or any other reason).
That's not being dishonest and is a legitimate case that can, and will happen.
December 22, 2016, 01:54:47 AM
My off-the-top-of-my-head quick list of issues with SPECTRE:
https://medium.com/@shelby_78386/quoting-from-the-whitepaper-29e9fbc0ebec#.f4n0rdaho
https://medium.com/@shelby_78386/quoting-from-the-whitepaper-29e9fbc0ebec#.f4n0rdaho
December 18, 2016, 05:04:27 PM
But you are arguing that the attacker doesn't need a majority of the historic private keys (to overcome TaPoS), so therefor the number of attackers are unbounded. Thus there is no objectivity between unbounded forks. Thus of course the current stake holders must refuse, lest their entire stake be worthless.
That's an interesting point that leads me to the following thoughts: It's irrational to assume an attack scenario with only one single attacker. Instead, it's more reasonable to consider an unbounded number of potential attackers who could act one after another or even at the same time, without knowing of one another. So, the attack scenario is like a Poisson process.
For any distributed system that can only be attacked by somone who has a substantial amount (e.g. 1/2+ or 1/3+, 1/4+) of whatever resources (hashrate/power/stake), the security will depend on the time needed to carry out the attack (or more precisely: the time required to build up and possess the resources). The longer this timeframe, the more probable it is that other (non-colluding) attackers might launch their own attacks against the system in the meantime. However, when several attackers are acting at the same time independently, it is less likely that any one of them will have the power to not only outpace the honest nodes but all the other attackers as well.
Thus, making that timeframe longer will also make the system more secure. Furthermore, with growing popularity of the system, the number of potential attackers will also increase which further reduces its vulnerability.
Note that the attack timeframe is very short in Bitcoin at around 60 mintues that are needed for a transaction to be confirmed. PoW-PoS-hybrid or dual blockchain architectures can have much longer timeframes though.
December 18, 2016, 04:46:24 PM
Quote from: @AnonyMint’s whitepaper
It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also.
Improved that portion:
Quote from: @AnonyMint’s whitepaper
It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive when they each separately vote for one of the conflicting quorums; thus the justification that voting for more than two quorums became necessary. And the honest marble voted more than twice also or became unresponsive, so the 4 voters are all ambiguously malevolent from the perspective of any observer.
December 18, 2016, 12:18:24 PM
I wrote a more easy to visualize explanation of the Byzantine agreement proof... can y'all understand this?
Quote from: @AnonyMint’s whitepaper
The proof in the case where nodes can be malevolent is easy to visualize with 3 colored marbles as voters: red, white, and blue. Given 3 jars representing ballot boxes for 3 elections, two marbles can be placed in each jar without any marble voting more than twice, i.e. no voter has cheated yet the result is ambiguous. Declaring any of the jars as the first epoch, results in two quorum choices (forks) for which jar is the next epoch. One jar has red and white, the next red and blue, and the last white and blue. This is why the proof requires that the excess of the quorum be less than ¹/₃ (aka “-¹/₃”). So by adding a green marble, the ambiguity is resolved because the green marble can only be placed in two of the three jars― again presuming no voter cheated to vote more than twice. Thus the +²/₃ instead of ¹/₂+ is required for quorums in the presence of possible malevolence given an asynchronous network, because the ordering of the quorums can’t be proven.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.
Nope, sorry.
Any graphs to help me?
Some pie charts and illustration would help, but I don't have time to draw them right now.
Perhaps some more context will help (btw, BFT = Byzantine Fault Tolerance which is mentioned earlier in the paper):
Quote from: @AnonyMint’s whitepaper
The second reformulation of BFT has been proven for ≥ (N + 1)/2 (aka “¹/₂+”, “50+%”, or erroneously “51%”) responsive nodes in the case where all nodes that communicate do so correctly and otherwise ≤ (N - 1)/3 (aka “-¹/₃”) unresponsive and/or incorrect nodes, where N is the total number of nodes.[^Bracha]
‡ BFT always implies the asynchronous case, because otherwise BFT isn’t necessary.
1.1 Byzantine Agreement
The proof is intuitive in the example scenario where every node is a voter and each candidate block is an election epoch. If every vote is correct, BFT only applies to faults which are unresponsive nodes; thus only a majority of votes is required because any ordering of blocks is always non-conflicting (or equivalently if the coordination of voting is synchronized such that conflicting order can’t exist, but then BFT isn’t applicable per the ‡ footnote of prior section). For example, if validators of transactions never vote for a conflicting transaction such as a double-spend, then given two attempted elections for a pair of consecutive blocks of transactions, the minimum number of voters which commit to both elections is fₛ = 2T - N - 1, where T is the minimum quorum size for each election. Thus T ≥ (N + 1)/2 where 2T - N - 1 ≥ 0 because 0 safety is required given every vote is non-conflicting. But in the Byzantine agreement case wherein malevolent* and/or asynchronous (forced by random propagation ordering) validators can vote for blocks that contain conflicting transactions, the minimum number of voters which commit to both elections fₛ = 2T - N - 1 must be greater than the number of excess voters not needed to form a quorum fₗ = N - T, so that a quorum for a conflicting pair of blocks can’t exist because there aren’t enough uncommitted voters to vote for it, i.e. T ≥ N - fₛ.[^Tendermint-safety] Thus T ≥ (2N + 1)/3 where 2T - N - 1 ≥ N - T, fₛ is the safety margin, and fₗ is liveness.[^BFT-derivation] This result which is mathematically equivalent to N = 3f + 1 where f = fₛ = fₗ, is analogous to the N = 3m + 1 generals for m traitors result for the Byzantine Generals Problem (aka “BGP”).[^BGP]
Liveness in this context is the maximum number of unresponsive and/or malevolent nodes allowed for the system to not stall all quorums and/or censor for which blocks quorums are allowed. Safety margin is the minimum number of voters which must commit to a pair of blocks to prevent ambiguous ordering of blocks. Even if only a single election would ever be held for a set of signing keys which represent the voters, Byzantine agreement applies in any nonsynchronous (aka “asynchronous”) case when there isn’t trust of a designated centralized tally, because voters can irrefutably claim that an epoch expired and they signed a new vote for a new epoch. It is even irrefutable that a trusted centralized tally did not receive a vote.[^he-said-she-said][^ambiguous-fault] Some systems may opt for more safety margin at the detriment of reduced liveness by choosing a larger minimum quorum size T.
Marbles in Jars Example
The proof in the case where nodes can be malevolent is easy to visualize with 3 colored marbles as voters: red, white, and blue. Given 3 jars representing ballot boxes for 3 elections, two marbles can be placed in each jar without any marble voting more than twice, i.e. no voter has cheated yet the result is ambiguous. Declaring any of the jars as the first epoch, results in two quorum choices (forks) for which jar is the next epoch. One jar has red and white, another red and blue, and another white and blue. This is why the proof requires that the excess of the quorum be less than ¹/₃ (aka “-¹/₃”). So by adding a green marble so that smallest minority reduces from ¹/₃ to ¹/₄ which is thus -¹/₃, the ambiguity is resolved because the green marble can only be placed in two of the three jars― again presuming no voter cheated to vote more than twice. Thus the +²/₃ instead of ¹/₂+ is required for quorums in the presence of possible malevolence given an asynchronous network, because the ordering of the quorums can’t be proven.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive when they each separately vote for one of the conflicting quorums; thus the justification that voting for more than two quorums became necessary. And the honest marble voted more than twice also or became unresponsive, so the 4 voters are all ambiguously malevolent from the perspective of any observer. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.[^he-said-she-said][^ambiguous-fault]
* The adjectives “malevolent” or “attacking” applied to nodes means a colluding or centralized controlled group of nodes.
‡ BFT always implies the asynchronous case, because otherwise BFT isn’t necessary.
1.1 Byzantine Agreement
The proof is intuitive in the example scenario where every node is a voter and each candidate block is an election epoch. If every vote is correct, BFT only applies to faults which are unresponsive nodes; thus only a majority of votes is required because any ordering of blocks is always non-conflicting (or equivalently if the coordination of voting is synchronized such that conflicting order can’t exist, but then BFT isn’t applicable per the ‡ footnote of prior section). For example, if validators of transactions never vote for a conflicting transaction such as a double-spend, then given two attempted elections for a pair of consecutive blocks of transactions, the minimum number of voters which commit to both elections is fₛ = 2T - N - 1, where T is the minimum quorum size for each election. Thus T ≥ (N + 1)/2 where 2T - N - 1 ≥ 0 because 0 safety is required given every vote is non-conflicting. But in the Byzantine agreement case wherein malevolent* and/or asynchronous (forced by random propagation ordering) validators can vote for blocks that contain conflicting transactions, the minimum number of voters which commit to both elections fₛ = 2T - N - 1 must be greater than the number of excess voters not needed to form a quorum fₗ = N - T, so that a quorum for a conflicting pair of blocks can’t exist because there aren’t enough uncommitted voters to vote for it, i.e. T ≥ N - fₛ.[^Tendermint-safety] Thus T ≥ (2N + 1)/3 where 2T - N - 1 ≥ N - T, fₛ is the safety margin, and fₗ is liveness.[^BFT-derivation] This result which is mathematically equivalent to N = 3f + 1 where f = fₛ = fₗ, is analogous to the N = 3m + 1 generals for m traitors result for the Byzantine Generals Problem (aka “BGP”).[^BGP]
Liveness in this context is the maximum number of unresponsive and/or malevolent nodes allowed for the system to not stall all quorums and/or censor for which blocks quorums are allowed. Safety margin is the minimum number of voters which must commit to a pair of blocks to prevent ambiguous ordering of blocks. Even if only a single election would ever be held for a set of signing keys which represent the voters, Byzantine agreement applies in any nonsynchronous (aka “asynchronous”) case when there isn’t trust of a designated centralized tally, because voters can irrefutably claim that an epoch expired and they signed a new vote for a new epoch. It is even irrefutable that a trusted centralized tally did not receive a vote.[^he-said-she-said][^ambiguous-fault] Some systems may opt for more safety margin at the detriment of reduced liveness by choosing a larger minimum quorum size T.
Marbles in Jars Example
The proof in the case where nodes can be malevolent is easy to visualize with 3 colored marbles as voters: red, white, and blue. Given 3 jars representing ballot boxes for 3 elections, two marbles can be placed in each jar without any marble voting more than twice, i.e. no voter has cheated yet the result is ambiguous. Declaring any of the jars as the first epoch, results in two quorum choices (forks) for which jar is the next epoch. One jar has red and white, another red and blue, and another white and blue. This is why the proof requires that the excess of the quorum be less than ¹/₃ (aka “-¹/₃”). So by adding a green marble so that smallest minority reduces from ¹/₃ to ¹/₄ which is thus -¹/₃, the ambiguity is resolved because the green marble can only be placed in two of the three jars― again presuming no voter cheated to vote more than twice. Thus the +²/₃ instead of ¹/₂+ is required for quorums in the presence of possible malevolence given an asynchronous network, because the ordering of the quorums can’t be proven.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive when they each separately vote for one of the conflicting quorums; thus the justification that voting for more than two quorums became necessary. And the honest marble voted more than twice also or became unresponsive, so the 4 voters are all ambiguously malevolent from the perspective of any observer. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.[^he-said-she-said][^ambiguous-fault]
* The adjectives “malevolent” or “attacking” applied to nodes means a colluding or centralized controlled group of nodes.
December 18, 2016, 10:17:58 AM
I wrote a more easy to visualize explanation of the Byzantine agreement proof... can y'all understand this?
Quote from: @AnonyMint’s whitepaper
The proof in the case where nodes can be malevolent is easy to visualize with 3 colored marbles as voters: red, white, and blue. Given 3 jars representing ballot boxes for 3 elections, two marbles can be placed in each jar without any marble voting more than twice, i.e. no voter has cheated yet the result is ambiguous. Declaring any of the jars as the first epoch, results in two quorum choices (forks) for which jar is the next epoch. One jar has red and white, the next red and blue, and the last white and blue. This is why the proof requires that the excess of the quorum be less than ¹/₃ (aka “-¹/₃”). So by adding a green marble, the ambiguity is resolved because the green marble can only be placed in two of the three jars― again presuming no voter cheated to vote more than twice. Thus the +²/₃ instead of ¹/₂+ is required for quorums in the presence of possible malevolence given an asynchronous network, because the ordering of the quorums can’t be proven.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.
Nope, sorry.
Any graphs to help me?
December 18, 2016, 09:44:53 AM
I wrote a more easy to visualize explanation of the Byzantine agreement proof... can y'all understand this?
Quote from: @AnonyMint’s whitepaper
The proof in the case where nodes can be malevolent is easy to visualize with 3 colored marbles as voters: red, white, and blue. Given 3 jars representing ballot boxes for 3 elections, two marbles can be placed in each jar without any marble voting more than twice, i.e. no voter has cheated yet the result is ambiguous. Declaring any of the jars as the first epoch, results in two quorum choices (forks) for which jar is the next epoch. One jar has red and white, the next red and blue, and the last white and blue. This is why the proof requires that the excess of the quorum be less than ¹/₃ (aka “-¹/₃”). So by adding a green marble, the ambiguity is resolved because the green marble can only be placed in two of the three jars― again presuming no voter cheated to vote more than twice. Thus the +²/₃ instead of ¹/₂+ is required for quorums in the presence of possible malevolence given an asynchronous network, because the ordering of the quorums can’t be proven.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.
Note if any 3 of the 4 marbles are colluding, i.e. ²/₃ or more (aka “+²/₃”) of the voters are malevolent, they can vote for as many conflicting quorums (forks) as they wish and it will be ambiguous which of the 4 marbles is cheating, because given 3 sets of 3 jars, a different one of the 3 cheaters can vote in each set. And the honest marble has to vote on the fork which the quorum is extending, because otherwise not voting is indistinguishable from unresponsive. It can’t be irrefutably proven that the 3 malevolent marbles were cheating because they can each claim that other one became unresponsive; thus voting for more than two quorums became necessary. And the honest marble voted more than twice also. Propagation order and responsiveness can’t be proven nor disproven in an asynchronous network.
December 17, 2016, 07:52:43 PM
Only proof of longest chain coins will ever be objective:
https://github.com/cosmos/cosmos/issues/47#issuecomment-267796283
There will be no exceptions. It is fundamental.
https://github.com/cosmos/cosmos/issues/47#issuecomment-267796283
There will be no exceptions. It is fundamental.
December 16, 2016, 06:37:11 PM
Well I've totally blown up the security of the only two formerly viable scalable alternatives to PoW which were Tendermint/Cosmos (in general any Byzantine agreement including Casper/Rchain) and Bitshares DPoS/Steemit/Ark (which my whitepaper explains is also Byzantine agreement even though it is hyped as something different):
My whitepaper is going to turn everything upside down. It is going to be a major event, as important as when Satoshi published in 2008.
Note non-delegated PoS is not scalable, so I am not going to debate on it even though it is also subject to a winner-take-all power vacuum flaw same as for PoW.
https://github.com/cosmos/cosmos/issues/47 <--- they've gone silent because they realize they've wasted 3 years of work
My whitepaper is going to turn everything upside down. It is going to be a major event, as important as when Satoshi published in 2008.
Note non-delegated PoS is not scalable, so I am not going to debate on it even though it is also subject to a winner-take-all power vacuum flaw same as for PoW.
December 14, 2016, 08:25:28 PM
I'll look forward to read more from all of you experts and your elaborations over the future currency systems.
This is an excellent thread!
This is an excellent thread!
December 14, 2016, 07:25:41 PM
After now understanding my invention better from an academic prior art perspective, I can now conclude that my whitepaper and invention will be more important Satoshi's. It is a fundamental innovation in the family of Byzantine fault tolerant systems. It solves the problems that Satohi's didn't. "He" was on the right track though.
I'd like the oppinion of a mathematician or cryptographer with game theory knowledge to comment on it before I make any judgements myself... no code to look at so I'll just wait until there is. December 14, 2016, 04:49:41 PM
After now understanding my invention better from an academic prior art perspective, I can now conclude that my whitepaper and invention will be more important Satoshi's. It is a fundamental innovation in the family of Byzantine fault tolerant systems. It solves the problems that Satohi's didn't. "He" was on the right track though.
Jump to: