Pages:
Author

Topic: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) - page 31. (Read 91144 times)

legendary
Activity: 1008
Merit: 1007
And subsidy was removed because a DAG-based coin with subsidy can't come to a consensus and find Nash equilibrium at the same time.

I'd like to hear why you say this, or can you direct me to a proof?
legendary
Activity: 2142
Merit: 1010
Newbie
Do you mean the computation of the PoW can be outsourced from the payer and the payer could pay a fee?

In that sense our designs are equivalent then. The assumption is that such outsourcing will be driven to very low profit margins near to costs. Also the payer is still in control of whom they outsource to, so control is still decentralized.

Yes, the transaction issuer can add an extra output that pays some amount to some address. If the owner of that address wants to get the money he has to attach PoW to the whole transaction. Effectively it's like fee, but it's not mandatory. Note that anyone could attach the PoW but only payment beneficiary will win from that, does it mean that "the payer is still in control of whom they outsource to"? Maybe.

I wouldn't say that the designs are equivalent because miners (or fees) were removed to make a homogeneous system. And subsidy was removed because a DAG-based coin with subsidy can't come to a consensus and find Nash equilibrium at the same time. The outcome may be the same, but the intentions were different.
sr. member
Activity: 420
Merit: 262
UNprofitable PoW

This reminded me to tell that Iota shouldn't be mentioned together with UNprofitable PoW in the same phrase. The PoW is not subsidized (like 25 BTC in Bitcoin or fees) but it can still be profitable, Iota allows that. This nuance may confuse those who decide to dig deeper into Iota after reading what you wrote about it.

Do you mean the computation of the PoW can be outsourced from the payer and the payer could pay a fee?

In that sense our designs are equivalent then. The assumption is that such outsourcing will be driven to very low profit margins near to costs. Also the payer is still in control of whom they outsource to, so control is still decentralized.
legendary
Activity: 2142
Merit: 1010
Newbie
UNprofitable PoW

This reminded me to tell that Iota shouldn't be mentioned together with UNprofitable PoW in the same phrase. The PoW is not subsidized (like 25 BTC in Bitcoin or fees) but it can still be profitable, Iota allows that. This nuance may confuse those who decide to dig deeper into Iota after reading what you wrote about it.
sr. member
Activity: 420
Merit: 262
I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

There is, but not in a chain with blocks. You need one transaction per block for this.

edit: if you have blocks, you have to make assumptions about k in order to bound the acceptability.

Agreed on the edit.

So we can see that profitable PoW is not bounded either if k is unbounded, but you can argue that UNprofitable PoW is not bounded at any k > 0. But the retort is that difficulty in my UNprofitable PoW design will not be limited to a difficulty which makes the cost of mining precisely equal to the block rewards, and thus the difficulty the attacker is facing is unbounded which is not the case in Satoshi's PoW design where difficulty is bounded by profitability of the marginal miners. Wink

I asked you wait for the white paper, but there is a hint to you for you to chomp on interim time.



...the fact is the math models are often myopic[1]...

[1]Meni Rosenfeld's myopic math, and note Meni is a widely respected academic:
https://bitcointalksearch.org/topic/m.13633504

And my explanation of the myopia:
https://bitcointalksearch.org/topic/m.13797768
https://bitcointalksearch.org/topic/m.13819991
https://bitcointalksearch.org/topic/m.13763395
https://bitcointalksearch.org/topic/m.13647887
sr. member
Activity: 420
Merit: 262
sr. member
Activity: 420
Merit: 262
For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack (but not the amortization of verification costs centralizing economics problem). But I think later I found a flaw with convergence of consensus but I forget and that detail is some where in my vaporcoin thread (in a discusssion between monsterer and myself).

Your proposed fix makes every double spend cost free, and the suggested countermeasures are not feasible.

Please quote me correctly! I have corrected your quote above of myself to include what I wrote but you had not included! The underhanded, childish smear campaign needs to stop.

I am not going to rehash that proposal. I already stated that I had found a flaw in it and thus I am not pursuing. I don't think your statement is complete, but again I don't want to revisit a proposal which I am not pursuing. I lack the time.
legendary
Activity: 1008
Merit: 1007
For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack

Your proposed fix makes every double spend cost free, and the suggested countermeasures are not feasible.
sr. member
Activity: 420
Merit: 262
sr. member
Activity: 414
Merit: 251

Iota has unprofitable mining so one could say I took that idea from Iota (although I had the idea for a while now, but I won't deny that Iota focused me to concentrate on it again when I started this thread). Also from Iota (and a bit from Dash Evolution but I was already working on this design I just was able to merge some ideas together to jump some hurdles) my design inherents some aspects of a DAG but the partitions are intra-block and are forced to converge at each block announcement.

P.S. readers wondering what happened, I took CfB off Ignore due to a civil discussion we had in another thread.

How many hours a day do you spend reading and posting on this forum? I like reading your posts but I wonder if spending that much time here is in your self interest.

If you could spend more of your time coding and launch it I think you would find a lot of support. Sometime in 2016 I would love to see a production ready solution of yours that addresses the incentive, security and decentralization topics you discuss.
sr. member
Activity: 420
Merit: 262

Iota has unprofitable mining so one could say I took that idea from Iota (although I had the idea for a while now, but I won't deny that Iota focused me to concentrate on it again when I started this thread). Also from Iota (and a bit from Dash Evolution but I was already working on this design I just was able to merge some ideas together to jump some hurdles) my design inherents some aspects of a DAG but the partitions are intra-block and are forced to converge at each block announcement.

Note I am not 100% sure (yet) I don't have a flaw in my contemplated design. I need to go quiet to work through all the details of that and a zillion other TODO.

P.S. readers wondering what happened, I took CfB off Ignore due to a civil discussion we had in another thread.
legendary
Activity: 2142
Merit: 1010
Newbie
ASIC-resistant PoW seems like a delightful idea to me.  Is memory latency the barrier to stand upon for the ages?  Hmm, that sounds familiar.

Of course no PoW proving algorithm (of any design) can be as efficient on less optimized consumer hardware and retail electricity (10 - 20 cents per KWH) as compared to highly optimized ASIC mining farms on 0 - 4 cents per KWH electricity (hydropower colocated or China's collectivized corruption). Even distributing ASICs to consumers won't level the playing field and not only because of differences in electricity costs, yet also due to economies-of-scale, access to lower interest loans, better connectivity to the major pools of the P2P announcement network, amortization of block chain verification over great income, etc..

Profitable PoW will always centralize, and there is a selfish mining attack always going on and there is no such thing as a requirement for 25 or 33% of the hashrate, because the selfish mining is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

That is why I designed an UNprofitable PoW system. There is no other hope.

Memory latency barrier can't protect against those who implement mining algorithm in another kind of architecture. Von Neumann/Harvard architecture is not the only way. For example, artificial neural networks can do even super-Turing computations and they don't have von Neumann bottleneck problem.
sr. member
Activity: 420
Merit: 262
Bitcoin didn't solve BGP either. Nothing does because...

What you keep denying is that there are solutions (all solutions, and provably so in the case of BGP) that solve the problem within a specified range. Generally up to 33%-of-generals in the case of BGP and maybe 50%-of-hash rate for Bitcoin.

ASIC-resistant PoW seems like a delightful idea to me.  Is memory latency the barrier to stand upon for the ages?  Hmm, that sounds familiar.

Of course no PoW proving algorithm (of any design) can be as efficient on less optimized consumer hardware and retail electricity (10 - 20 cents per KWH) as compared to highly optimized ASIC mining farms on 0 - 4 cents per KWH electricity (hydropower colocated or China's collectivized corruption). Even distributing ASICs to consumers won't level the playing field and not only because of differences in electricity costs, yet also due to economies-of-scale, access to lower interest loans, better connectivity to the major pools of the P2P announcement network, amortization of block chain verification over great income, etc..

Profitable PoW will always centralize, because there is a "selfish mining" attack always ongoing and there is no such thing as a minimum requirement for 25 or 33% of the hashrate, because (a conceptual variant of) "selfish mining" is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

That is why I designed an UNprofitable PoW system. There is no other hope.

Edit: the reason I am interested in narrowing the margin between PoW prover computation on consumer hardware and mining farms, is because in an UNprofitable mining design then the aforementioned ratio dictates from the ratio of UNprofitable hashrate to profitable hashrate determines how high that block reward can be and not be profitable to any miner. Obviously a coinbase reward of 0 is always UNprofitable (unless transaction fees are considered which is another detail I covered in the Decentralization thread).
sr. member
Activity: 420
Merit: 262
legendary
Activity: 1008
Merit: 1007
I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

There is, but not in a chain with blocks. You need one transaction per block for this.

edit: if you have blocks, you have to make assumptions about k in order to bound the acceptability.
sr. member
Activity: 420
Merit: 262
Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtain by increasing the number of confirmations rather than increasing the block reward.

In a system with no block reward, you can calculate the probability that an attacker can outpace the rest of the network from N blocks deficit. However, I don't see a way to put bounds on when it is safe to accept a transaction of size X as confirmed because the amount of PoW on top of any given transaction doesn't have a value which is easily observed.

I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

(which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty)

If the block reward is unprofitable in a system with adjustable difficulty, this is not an equilibrium, so the difficulty will adjust downwards until it there is one. If your design includes other factors which you are not revealing, this may be different, but with what I know this is how I see it.

In my design every txn includes a PoW share thus difficulty will not reduce unless transactions reduce. The sender of the txn is entirely unconcerned about the cost of producing the PoW share.

The threshold of the difficulty to win a block will increase accordingly so that the block period remains constant.
legendary
Activity: 1008
Merit: 1007
Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtain by increasing the number of confirmations rather than increasing the block reward.

In a system with no block reward, you can calculate the probability that an attacker can outpace the rest of the network from N blocks deficit. However, I don't see a way to put bounds on when it is safe to accept a transaction of size X as confirmed because the amount of PoW on top of any given transaction doesn't have a value which is easily observed.

Quote
(which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty)

If the block reward is unprofitable in a system with adjustable difficulty, this is not an equilibrium, so the difficulty will adjust downwards until it there is one. If your design includes other factors which you are not revealing, this may be different, but with what I know this is how I see it.
sr. member
Activity: 420
Merit: 262
Does anyone know of any proof which says that convergence can be guaranteed without a block reward? I would like to hear more detail because it's my gut feeling that it cannot.

I am working on it for a white paper.

Details are upthread.

We've covered the issues upthread, perhaps not to your satisfaction.

Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtain by increasing the number of confirmations rather than increasing the block reward.

The Nash equilibrium in an unprofitable PoW design (which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty) is that payers want their transactions to be included in the longest-chain, thus they will send their PoW shares towards confirming blocks which honor the LCR.

In my design, the amount of electricity that secures the coin is sensibly insignificant relative to the value of transactions since each transaction includes a PoW share.
sr. member
Activity: 420
Merit: 262
Does anyone know of any proof which says that convergence can be guaranteed without a block reward? I would like to hear more detail because it's my gut feeling that it cannot.

I am working on it for a white paper.

Details are upthread.
legendary
Activity: 1008
Merit: 1007
Does anyone know of any proof which says that convergence can be guaranteed without a block reward? I would like to hear more detail because it's my gut feeling that it cannot.
Pages:
Jump to: