Topic: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) - page 37. (Read 91144 times)

Agreed. I wasn't using that term, but equated what I am doing to be something akin to a provider, but maybe not in the way you defined it below.

In any case, the solution I have employed to deal with the dilemma you stated, is that the control of the PoW is in the hands of the users, not professional miners nor these "providers". So the users can shift their PoW at-will to those "providers" that are not abusing the protocol in any way.

If we assume the users will not do this, then of course why even bother creating anything at all for the users if they won't fight for their own rights. The problem with Satoshi's design is the users can't fight because they don't control the mining.

So at the minimum my design has the decentralized, permissionless attribute sustained for as long as 51% of the user's PoW is willing to move away from any "providers" who are doing malfeasance (assuming users can detect and agree on who is doing malfeasance which is another topic of discussion).

However, I do admit that the masses are apathetic and they can be convinced to use Coinbase and accept the default settings. So that is why it was important to me that my design achieved the ability of the minority to fork away from the majority (when the majority is abusive) and to not be vulnerable to a 51% attack by the majority in terms of censoring transactions.

As I explained to monsterer upthread, it is not possible to objectively prove (with cryptography and math) which chain is the honest one and which one is the dishonest one when there are censored transactions. But it is possible to determine which "providers" (in my design) are denying certain transactions and/or denying to interact properly with other "providers" which are not denying certain transactions. This is determined from the perspective of the user who is trying to send the transaction to the "provider".  Thus user can simply send his transaction (+ PoW share) to the "provider" which doesn't censor him. And so my design naturally anneals to fork away from malfeasance. I was quite pleased with that. It isn't perfect in every respect, but it sure gives us a fighting chance to resist deleterious centralization effects.

Thus even if the apathetic masses are induced to use their PoW shares to attack the minority chain, it won't work. Because there is objectivity that I described in the prior paragraph. That was one of my key epiphanies. They paradigm shift is the objectivity is individually based and thus doesn't require a global objectivity. That will of course create a new partition (a new fork), but each forkh as its own longest chain which users can identify by the providers that are not censored from it (users thus taking the unions of all chains). In other words, users will use the chain that doesn't censor their transactions. So the objectivity is that the attacker's fake transactions aren't used by any one, or that union with the apathetic majority's transactions is not exclusive to the minorities's transactions. For as long as the minority chain is building off the majority chain (i.e. always building off the end of the majority chain and including its transactions), then the attacker can't double-spend in both. The minority chain just adds transactions to the majority chain, thus it doesn't require Partition tolerance thus doesn't violate CAP.

Note however that this minority chain is unprovable to a full node that wasn't online as it was occurring (which was my point to monsterer), but I don't think the minority community will behave totally chaotically like that. Instead they will communicate in forums and agree on some checkpoints for the minority chain (which can be downloaded to user's clients), because socially if there is a sizeable minority that is being harmed they have every incentive to organize and protect their funds from censorship. And they will hold the PoW power to do so. One of the key differences from what I argued upthread to monsterer, is that "providers" aggregate transactions and thus users can reason about malfeasance on less granular basis than every transactions for itself. This enables users to organize around "providers" which are behaving correctly.

Notwithstanding that, there might a way to write checkpoints from the minority chain into the majority chain without the majority chain knowing it until after the fact, assuming the majority chain allows any encrypted data (or encryption can possibly be hidden with steganography). However, that is probably pointless because a 51% control can always rewrite the chain (but that becomes very obvious to the community and is not realistic).

In summary, 51% attacks can't be hidden. As long as the community holds the power in their individual user hands, it is very difficult to foist crap onto the users that they don't want. Humans can fight when they can organize and they hold the power.


I am quite clear on this by now. I have thus have a design for what I want to achieve; which is as stated above.


But the centralization and failures come insidiously over time as we are observing (and which I publicly predicted years ago and was labeled as crazy).


If I am understanding correctly what you are alluding to, that won't work. I already analyzed that sort of design. It fails for similar reasons as I have explained that other designs fail, in that it can't arrive at one total ordering of the consensus. No one can trust money that has multifarious orderings, because there is no truth about the money's value. Money has to have global fungibility otherwise it isn't money.


I assert you are working against the direction of entropy as discussed by CoinCube and I upthread (and currently a debate that I need to finish with the professor Jorge when I have time to come back to it).

The world is moving to globalization of commerce and money, not the other direction.


PoS coins are launched without any profitable mining. And some such as Nxt gained significant investment.

But you are moving the goalposts. Now you are not talking about whether unprofitable mining can secure the coin but whether there will be enough adoption and interest to secure the coin. So now you've moved the goal posts to a marketing economics discussion.

If all crypto is going to be is a speculator fuck fest, then it will end up just like pink sheet (shit) stocks do.

We have to enable a widely needed use case for the launch of the coin, or we might as well just admit we are fucking with ourselves same as for Monero and all the shit coins. They are just zero sum game circle-jerk echo chambers. The greater fools will fund those who are extracting the value from the community and it will all die in a heap of broken delusions and bagholders.

CfB's post was nearly a total obfuscation of facts. The key correct phrase is that Iota doesn't do a total ordering. Focus on that and the implications thereof. I am not going to repeat my upthread explanation that the vote will diverge into chaos.

I think we have now shown that one can create a crypto design that is too complicated for n00bs to understand, and thus prevent anyone from explaining to the n00bs why the design is flawed.

Kudos!

The crypto world is starting to reach the stage of insanity.

Iota doesn't do total ordering. Even more, iotas can be spent before they were acquired. "Total number of iotas can't exceed some constant (1 billion without 10^-9)" - this is the rule Iota nodes stick to. There are some lesser rules used for transaction validation but they are not important in this context.

By using that simple rule Iota protocol gives a lot of freedom, the system can be in any state in points where total supply is not important. This gives a big boost to transaction processing speed.

I see parallels between Iota ledger and a quantum system. The quantum tunneling allows particles to pass through potential barriers => double-spendings can exist at some moment. Iota users "vote" on one particular state of the ledger at some moment making the ledger to "collapse" like a wave function.

PS: I think I'm starting to get your problem. You construct models in classical world, maybe it's a good moment to get your feet wet in the quantum world?

A DAG has multiple chains (branches) of partial orders. This is not a global or total ordering such that we know which transactions occurred in which order relative to each other, when those transactions are on separate branches of the DAG (i.e. separate Partitions).

To simulate a total ordering, Iota uses a math model that it expects all participants to adhere to. Problem is afaics this model can't be enforced, the game theories are unbounded in terms of which model of the total ordering is dominant (in terms of defining double spends), this I conjecture (expect) chaos and divergence of Consistency (i.e. inconsistency a.k.a. lack of global agreement about double-spends and thus which downstream branches of transactions are valid).

A more formal mathematical elucidation would be more unassailable than my English language explanations. Yet I am confident (conjecture) that those who are expert enough can judge my statements to be correct or at least a strong concern.

---

I think we may not see the true risks in the early stage of Iota's launch, because my understanding is they are using some centralized servers in the ramp up phase. So perhaps the payers delegate their math model to these servers. I haven't studied their code to know.

Wait I will try to locate CfB's first reply to my line of argument on this point and come back here and post a link. Hopefully also my posts today have added further weight and/or clarification of my conceptualization.

Here is a link to CfB's post to start reading from (not sure if it is the only or best one):

https://bitcointalksearch.org/topic/m.13536310

Try reading forward in chronological thread order from that post until at least the following:

https://bitcointalksearch.org/topic/m.13542612

Because 'find' is insufficient. As I have stated in my prior posts (which again you seem to ignore or lack reading comprehension), there must also be a way to enforce that all participants agree on that global ordering. Since I (and user 'enet') have explained that any global (i.e. total) ordering will be arbitrary, then the only way to force all participants to agree is the longest chain rule.

You can try to dream up other methods such as voting, but when you work through it you will realize there is no unambiguous enforcement mechanism (there is always some game theory around the assumptions made). And this lack of enforcement mechanism on the rule that participants must use, is the reason a DAG is inconsistent and I conjecture will diverge (unless there are centralized servers implementing consistent rules and thus it is no longer decentralized).

Please don't make me explain this again. Every since we started discussing Iota, you have continued to repeat this same myopia over and over and over and over and over and over again. It is very redundant and it is cluttering the thread with noise. Whoever can't understand this very simple concept by now, isn't likely to ever understand it.


Incorrect. You completely failed to comprehend the explanation I made in my prior post. Try reading it again and again and again until you can comprehend.

The payers must send a PoW with their transaction. They will selfishly choose to sign the block which will include their transactions. To double-spend (other than Finney attack which is an error of payees) requires more PoW hashrate than the hashrate of the selfishly-honest payers. And the attacker won't be able to sustain this mining equipment with any profit or even recover significant income, because mining is unprofitable.


You have shown no such weakness in my current design. Yeah I found flaws in my prior designs. So what. I made it very clear in the past that those designs were still under study and that I was not announcing the details until I was satisfied with my internal review.

This thread is not for FUD based on uninformed guessing. If you have a concrete flaw, then discuss. Spilling FUD about my design before a white paper is even released will degrade this thread into a pissing match.

I know very well what the weaknesses are in my design and I will be explaining those shortly.

---

No you have not! Damn it, you make me repeat the same explanations over and over and over and over again. My time is very limited. Please be respectful of the fact that I have too much to do and not enough time. I am in a desperate financial condition, and we need to implement solutions for crypto asap because time is slipping away. Please try to upgrade the level of your comprehension. This post consumed 30 - 40 minutes of my time,

What you showed is that if you had some master in charge of the entire DAG then he could identify an ordering in the data structure, That master would benefit from a master clock and order the transactions chronologically. But I have already explained that the universe can't be synchronous (even if you built that centralized master funnel, it wouldn't interopt with the world and scale and be trustless). Thus you completely fail to consider that you also need an unambiguous rule which enforces your graphed ordering on all participants.

Since there is no (there can't be a) master clock in a DAG, then the only way to order the transactions is with a probabilistic assessment, but this assessment can't even be forced on all the participants. Thus the chaos and divergence will result. In other words, a DAG is Partition tolerant, therefore the Consistency is lost. The CAP theorem has so held.

I was not aware of anyone else using the term provider. Bitshares has delegates, NuBits has custodians, Lightning has hubs, etc. The problem is that as soon as one reaches any scale, one will come in contact with traditional law, the rest of the financial system, Internet services, etc. No ethical business can allow itself to operate outside the law. Its not quite clear what the goal of a global decentralised cryptocurrency would entail. Bitcoin works great in terms of preventing conflict upfront. It doesn't work great for integrating any traditional relationship. If a user wants to trust a counterparty for certain things he should be able to do so. Providers are based on such a relationship. The solution I've come up for this situation is smart collateral which I will detail in another thread. In brief, its a payment upfront to establish trust, which can be seized on misbehaviour by the counterparty (a bit like an insurance against theft).

Edit: the one tool that big companies and rich people have is that they choose the jurisdiction they want to operate in. If rich people can choose their laws and poor people can't then this is not a fair system. So the one perfectly viable strategy and legal strategy is to choose a friendly jurisdiction. It is kind of ironic that Bitcoin mining is most profitable in China.


The system serves it participants which want some kind of utility out of it, be it a profit or a service. Bitcoin works to the extent it does, because it carefully balances all elements. Game-theory is perhaps the most important tool for analysing these systems. Mining is a competitive race. But its unclear what the economics of Bitcoin should look like without the bootstrap subsidy.

I'm lost in all these "orderings", looks like you call different things with the same word.

I've already shown you why this statement is incorrect. If you'd like me to go into more detail, I will.

Nonetheless, the answer is 'yes' is it not?


I'm afraid it has everything to do with it:

In bitcoin the recipient of a transaction knows that they can wait for 1 block to safely accept up to 25 BTC*, because the double spending miner might as well just take the block reward rather than bother with the double spend. If you remove the block reward, it becomes very difficult to judge when it is ok to accept a transaction because you have removed the honest miner's incentive and therefore part of the game theory.


It seems to me that your design is likely to be broken because you have not elected to peer review your work before implementing it. Remember when you were talking about 99% attacks? If you had peer reviewed at that point, we could have explained why that wasn't going to work.

*) https://bitcoil.co.il/Doublespend.pdf

There is a technical problem associated here with blocks, as pointed out by smooth, in that a double spending miner can attack multiple victims at the same time in one block. But that's another conversation.

Profitability of mining has nothing to do with the miner's economics of double-spending. All the miner can do is try to win the longest chain race to orphan a minority hashrate chain. The only way to double-spend with mining power is either a Finney attack (which requires payees to be stupid and accept insecure 0-confirmation transactions) or by spending to the minority hashrate chain and then building your own majority hashrate chain with the double-spend. Whether the mining is profitable or not, is irrelevant to having sufficient hashrate to accomplish the above double-spend attacks. One might try to argue that making the mining unprofitable will lower the network hashrate, but I already offered the solution to that upthread (every transaction MUST include PoW). One might argue this lowers the threshold of security as compared to Bitcoin, but this is only because Bitcoin pays more for security. We can make it unprofitable and still pay more up to the limit of the PoW being submitted with transactions. If you can't grasp this in your mind, wait for my white paper. I won't explain it further now.

---

You are incorrect on the point that mining has to be profitable. You lack imagination and subscribe too much to academic research and do not think out-of-the-box.

You also incorrect to assume that those doing the PoW have to be the ones doing the verification.  

---

The bolded phrase can be incorrect if there are unbounded number of verification nodes. Refer to my upthread post for the reasoning and I quoted only the conclusion as follows:

---

Correct. Thanks.

---

Sybil attack what? You send a transaction and you attach a minimum PoW share. PoW (longest chain rule) by definition can't be Sybil attacked, as it is just a means of unambiguously choosing an arbitrary ordering.

---

But don't forget we discussed upthread that Iota (and any DAG) can't allow the payer to sign the PoW and thus it can't force a round-trip latency cost on outsourcing the PoW to ASIC farms. Thus in theory the mining hashrate in Iota will centralize over time the same as for Bitcoin.

---

There is no adverse cost in my system to more transactions. The more transactions, the more PoW, the better. Spam my design and you make the network more secure! Thus your definition of spam does not apply to my design. The key improvement I make is to remove the block size problem entirely.


It seems to me you lack the imagination and creativity to paradigm shift the problem space, hehe.

---

Correct the solution is provider oriented. I am impressed. You have a strong insight just from knowing the research whereas my insight comes from my own creativity and thinking (instead of reading the research of others). There is no other way. And this introduces centralization, but another of my key epiphanies was that I could control centralization with decentralized PoW. This the permissionless, decentralized attribute is retained.

---

Whereas in my design the PoW is orthogonal to the provider fee market.

Because and that only works if the consistency of each record of the database independent from the other records. This was actually discussed upthread already in the discussion with Fuserleer. Please I asked readers to read the thread and only present new information. I will admonish you if you continue to be too lazy to read this thread and digest it.

Again my prior response applies. The longest chain of PoW is an arbitrary perspective on the plurality of possible orderings. A consistent global ordering doesn't exist in our universe, but for as long as we can force agreement on an arbitrary ordering, then have a Consistent block chain.

---

True, but you failed to address his point. Even if there was only 1 transaction per block (block size limit), the ordering of transactions is still an arbitrarily chosen perspective from amongst a plurality of perspectives of the ordering. This arbitrary choice is consistent with the meaning of a partial ordering (because globally consistent ordering is undefined in our universe), as well partial ordering can also apply to the notion of grouping transactions with a block and the transactions having no relative ordering within a block.

It is true that scripts can't be Turing complete because transaction ordering is arbitrary and thus various alternatives are not commutative. This is one of my criticisms of Ethereum upthread.


What are you trying to say here?

We have no global timestamp in decentralized, trustless designs.


An arbitrary perspective in a decentralized, trustless system must be probabilistic. More complicated because we don't want a centralized system or system that relies on trust.

But note this is not an endorsement of Iota's probabilistic modeling, because the distinction is that in Bitcoin every participant is forced to follow the mathematical model whereas in Iota there is no way to force it.


And no one ever will have an approximation because total order can't exist in our Universe.


Incorrect. A distributed timestamp mechanism can't make the speed-of-light infinite, thus the timestamps will at best disagree by the propagation delay and thus it still won't provide a total ordering.


Not with a distributed timestamp protocol per what I wrote above. With a centralized, trusted timestamp server (thus all transactions standing in line in a queue), you could have a total ordering, But then nothing can happen simultaneously any more.


Yeah but helps more to explain things in a way that people can grasp quickly without needing to dive into all that technobabble research. That being said, I appreciate your input but please try to cite the upthread discussion so we are respectful of what others have already explained.

The problem is without Consistency I expect the DAG to diverge into a chaos of disagreement. You are relying on participants using clients that adhere to the mathematical model you want them to use when choosing which tree branch to append their transactions to (and which acceptance model to use for declaring a transaction is probabilistically confirmed), but given the inconsistency that will arise and the game theories thereof, I don't see a snowball's chance in hell of the thing not blowing up unless you are able to maintain control over what participants do, and then it is no longer decentralized.

My point is there is no equilibrium of just a low rate of double-spends, but rather divergence. I haven't shown this formally (as in a math proof with equations) but I can already see it conceptually.

There doesn't exist such a sequence. As I explained upthread when I first started discussing the Inconsistency problem of a DAG, such a linear sequence would require every transaction get into a global synchronous queue, which would mean every one a million global transactions per second would have to wait in line to processed.

Relativity of spacetime (link to my blog) tells us that the truth about the ordering of events happening simultaneously is relative to the perspective of the observer. Another way of looking this, is that the speed-of-light isn't infinite so we couldn't be informed as to the relative ordering of events that occurred within the propagation time of the speed-of-light. And if the speed-of-light was infinite, then the past and future would collapse into an infinitesimal point and we would not exist (i.e. friction is necessary for existence).

So instead of attempting the impossible goal of eliminating relativity from our universe, we instead want to arrive at an arbitrary consensus choice of ordering. That ordering choice will by definition be one of a plurality of possible perspectives, and we need some way to unambiguously choose a perspective such that no one can disagree.

Competing ambiguously ordered double-spends make it impossible to have agreement about which ordering is correct.

Satoshi's single longest chain PoW design insures there can only be one winning perspective on the ordering and thus there is no competing ordering with ambiguously ordered double-spends. Whereas, a DAG (or any tree with multiple branches) can't unambigously define an ordering in its data structure. I know you will think we can order these in time, but I already explained upthread that there is no global clock to timestamp these nodes of the tree with. Thus the only ordering is the structure of the graph.

So what Iota does is build a mathematical model that it expects all participants to adhere to which defines a probabilistic ordering, but I assert that participants are not bound to this mathematical model and can choose any game theory they want. Again I don't want to rehash these arguments about DAG/Iota, which I already explained upthread. If ever I produce a competing coin to Iota, then I will probably be forced to explain this more clearly in a whitepaper so that it can be known that a DAG simply won't work. But for now, I have no strong incentive to go trying to publicize that. So long as Iota doesn't start trying to promote their coin in this thread. I have been fair enough.

---

Yup.

---

Sorry but you lack imagination and thus understanding. As Einstein said, be careful not to read too much, because one loses the ability to think for themself. CAP does indeed apply and I have explained in this thread how a DAG breaks Consistency because it allows Partition tolerance. The summary above for monsterer should be convincing enough.


That agrees with what I wrote above.


But we are designing trustless, decentralized systems here, so that case does not apply. And that is the problem with a DAG.

---

Please make sure you are adding new information that pertains to technological issues of permissionless, decentralization, and not rehashing what was already discussed upthread nor introducing offtopic discussion.

So we can keep the thread educational and research focused (and hopefully devoid of political turf battles).

---

I added another link to the OP:

How much is 40 bytes of Bitcoin blockchain space worth? That depends on supply and demand (and the value those bytes can carry). Satoshi never solved this problem and just used subsidies. There ought to be some proper process by which it is determined how much a certain transaction should cost. Bitcoin's design does not allow for this properly and all Altcoins have followed this path. It has to do with nodes being able to leaving the network at will. The nodes should be obligated to stay on the network for longer, so that the overall fault-tolerance can be measured accurately. Interestingly also to observe that one can maximize the total value, by allowing financial derivatives to be processed. Instead of sending and receiving coins, the far more profitable market is to allow arbitrary value to be transferred.

Transaction fees are likely too limited a concept, since they only reward short-term behaviour on a per-block basis. I suggest something like provider fees which can be made dependent on other factors also, in particular the number of other nodes, current demand and transaction type.

Probably. In Iota PoW is paid per input/output.

IMO transaction fees should probably be paid per output.

You may be wrong, but I'm too lazy to look for those Bitcoin blocks mined several years ago, that contained thousands dust transactions. That miner got paid (50 BTC block subsidy) for spamming the network.

It seems to me that transaction fees represent the only usable, endogenous spam prevention mechanism.