Topic: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) - page 57. (Read 91167 times)

legendary
Activity: 2142
Merit: 1010
Newbie
That is still EXPTIME.

A single quantum computer working at the speed of an average notebook would do mining like 21 billion notebooks. How is it EXPTIME?

Also:

And that doesn't speed up PoW, rather it speeds up finding a preimage.

#2 of http://bitcoin.stackexchange.com/a/10942

or

4.3 of http://188.138.57.93/tangle.pdf
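Added worked example for the Grover's-algorithm exchange above; this is not code from any post in the thread. It computes the classical and Grover evaluation counts for a proof-of-work target of b leading zero bits, the resulting speedup, and runs the plain brute-force search (the operation Grover would accelerate) against a constructed header. The 70-bit difficulty in main() is an assumed illustrative value, not a figure from the thread, and the speedup ratio assumes one quantum oracle call costs the same wall-clock time as one classical double SHA-256 (the "speed of an average notebook" assumption in the post).

```python
import hashlib
import math


def classical_expected_evals(target_bits: int) -> float:
    """Expected double-SHA-256 evaluations to find a nonce whose hash has at least
    `target_bits` leading zero bits by unstructured brute force: each try succeeds
    with probability 2**-target_bits, so the expectation is 2**target_bits."""
    return 2.0 ** target_bits


def grover_expected_evals(target_bits: int) -> float:
    """Grover's algorithm finds one of M marked inputs among N with about
    (pi/4)*sqrt(N/M) oracle evaluations. For a PoW target the marked fraction
    M/N is 2**-target_bits, so the count is (pi/4) * 2**(target_bits/2):
    the exponent is halved, it does not go away."""
    return (math.pi / 4.0) * 2.0 ** (target_bits / 2.0)


def grover_speedup(target_bits: int) -> float:
    """Classical/quantum evaluation ratio, assuming one quantum oracle call takes
    as long as one classical hash (assumption, see lead-in). Grows as
    (4/pi) * 2**(target_bits/2), i.e. exponentially in the target size."""
    return classical_expected_evals(target_bits) / grover_expected_evals(target_bits)


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits of a big-endian digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def pow_hash(header: bytes, nonce: int) -> bytes:
    """Bitcoin-style double SHA-256 over header || 4-byte little-endian nonce."""
    return hashlib.sha256(hashlib.sha256(header + nonce.to_bytes(4, "little")).digest()).digest()


def verify_pow(header: bytes, nonce: int, target_bits: int) -> bool:
    """True when the hash of header||nonce has at least target_bits leading zeros."""
    return leading_zero_bits(pow_hash(header, nonce)) >= target_bits


def classical_pow_search(header: bytes, target_bits: int, max_nonce: int = 1 << 32):
    """The brute-force preimage-style search that Grover would accelerate.
    Returns (nonce, evaluations_used)."""
    for nonce in range(max_nonce):
        if verify_pow(header, nonce, target_bits):
            return nonce, nonce + 1
    raise ValueError("no nonce below max_nonce meets the target")


def speedup_table(bit_sizes):
    """{target_bits: (classical_evals, grover_evals, speedup)} for each target size."""
    return {b: (classical_expected_evals(b), grover_expected_evals(b), grover_speedup(b))
            for b in bit_sizes}


if __name__ == "__main__":
    # Constructed toy header and a 16-bit target so the classical search finishes quickly.
    nonce, evals = classical_pow_search(b"constructed-example-header", 16)
    print(f"16-bit target: nonce={nonce} found after {evals} evaluations")
    for b, (c, g, s) in speedup_table([16, 32, 48, 70]).items():  # 70 bits: assumed illustrative difficulty
        print(f"{b:3d} bits: classical ~2^{math.log2(c):.0f}, grover ~2^{math.log2(g):.1f}, speedup ~{s:.3g}")
```

The two claims in the exchange are both visible in the numbers: the search stays exponential in the target size (2^70 classical evaluations become roughly 2^35 sequential oracle calls, not a constant), while the speedup over a classical machine of equal clock speed is itself about 2^(b/2), which for the assumed 70-bit target is in the tens of billions. Whatever that factor is, it is a per-machine hashrate advantage, and difficulty retargeting absorbs it by raising b.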
legendary
Activity: 2142
Merit: 1010
Newbie
You can achieve 50% in some circumstances by making sacrifices in the system.

Selfish Mining paper showed that 33% is the best that can be achieved. The same number is given in http://research.microsoft.com/en-us/um/people/lamport/pubs/byz.pdf. What are these circumstances you are talking about? A sandbox with everyone following your rules?
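Added example, not code from any poster: the selfish-mining profitability threshold and revenue from Eyal and Sirer's "Majority is not Enough" paper (the "Selfish Mining paper" the post refers to), both as the paper's closed form and as a Monte Carlo of the paper's strategy. alpha is the selfish pool's hashpower share and gamma the fraction of honest hashpower that ends up mining on the pool's branch during a 1-vs-1 tie; the 1/3 figure in the post is the gamma = 0 case, and the thresholds the paper gives for other gamma are shown alongside. The simulation length and seed are constructed values.

```python
import random


def selfish_revenue(alpha: float, gamma: float) -> float:
    """Closed-form share of canonical-chain blocks won by a selfish pool with
    hashpower share alpha (Eyal & Sirer, eq. 8). Honest mining would give alpha."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den


def profitability_threshold(gamma: float) -> float:
    """Smallest alpha above which selfish mining beats honest mining:
    (1 - gamma) / (3 - 2 * gamma). gamma=0 -> 1/3, gamma=1/2 -> 1/4, gamma=1 -> 0."""
    return (1 - gamma) / (3 - 2 * gamma)


def simulate_selfish_mining(alpha: float, gamma: float, blocks: int = 200_000, seed: int = 1) -> float:
    """Monte Carlo of the selfish-mining state machine. Returns the pool's share
    of blocks that end up in the canonical chain (orphaned blocks count for nobody)."""
    rng = random.Random(seed)
    lead = 0        # private blocks the pool holds beyond the public tip
    fork = False    # True while a 1-vs-1 race between pool and honest branch is unresolved
    pool = honest = 0
    for _ in range(blocks):
        pool_found = rng.random() < alpha
        if fork:
            if pool_found:
                pool += 2                   # pool extends its own branch: both of its blocks win
            elif rng.random() < gamma:
                pool += 1; honest += 1      # honest miner built on the pool's branch
            else:
                honest += 2                 # honest miner built on the honest branch
            fork = False
        elif pool_found:
            lead += 1                       # keep the new block private
        elif lead == 0:
            honest += 1                     # nothing to withhold: accept the honest block
        elif lead == 1:
            lead = 0; fork = True           # publish the private block: 1-vs-1 race
        elif lead == 2:
            pool += 2; lead = 0             # publish both: honest block is orphaned
        else:
            pool += 1; lead -= 1            # publish one block, stay ahead
    return pool / (pool + honest)


if __name__ == "__main__":
    for gamma in (0.0, 0.5, 1.0):
        print(f"gamma={gamma}: selfish mining pays off above alpha={profitability_threshold(gamma):.3f}")
    print(f"alpha=0.4, gamma=0.5: closed form {selfish_revenue(0.4, 0.5):.4f}, "
          f"simulated {simulate_selfish_mining(0.4, 0.5):.4f}")
```

At alpha = 1/3 and gamma = 0 the closed form returns exactly 1/3, i.e. the pool earns what honest mining would; above that it earns more than its hashpower share, and the simulation reproduces the closed form to within sampling noise. The threshold depends on gamma, which is a property of the network's tie-breaking behaviour rather than of the attacker.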
sr. member
Activity: 420
Merit: 262
That is still EXPTIME.

A single quantum computer working at the speed of an average notebook would do mining like 21 billion notebooks. How is it EXPTIME?

Please show me your calculation.

Also:

And that doesn't speed up PoW, rather it speeds up finding a preimage.
legendary
Activity: 2142
Merit: 1010
Newbie
That is still EXPTIME.

A single quantum computer working at the speed of an average notebook would do mining like 21 billion notebooks. How is it EXPTIME?
sr. member
Activity: 420
Merit: 262
Byzantine tolerance can not exceed 50% of failures.

Isn't it 33%?

You can achieve 50% in some circumstances by making sacrifices in the system.

If you have the inclination, I suspect readers would appreciate a layman's example.
legendary
Activity: 1064
Merit: 1020
Byzantine tolerance can not exceed 50% of failures.

Isn't it 33%?

You can achieve 50% in some circumstances by making sacrifices in the system.
sr. member
Activity: 420
Merit: 262
Quantum computing does not significantly speed up PoW because it is hash based (thus Shor's algorithm doesn't apply). So you must mean that ECDSA signatures could be cracked and double-spent?

https://en.wikipedia.org/wiki/Grover%27s_algorithm:

Grover's algorithm is a quantum algorithm that finds with high probability the unique input to a black box function that produces a particular output value, using just O(N^(1/2)) evaluations of the function, where N is the size of the function's domain.

That is still EXPTIME.

And that doesn't speed up PoW, rather it speeds up finding a preimage.
legendary
Activity: 1008
Merit: 1007
The LCR ensures no double-spend exists. There is no fix for the idea of taking the conjunction of chains. The idea is flawed; that is why I abandoned it. Also note I had added to my prior post.

That's why you'd need a new chain selection rule... what happens if you were to use to greatest set of all new transactions as the rule?

The greatest set of all new transactions would have the largest cumulative POW weight (in a system with a constant POW cost per transaction), such that any double spend by the attacker within this set would become the canonical spend, not the double spend.
sr. member
Activity: 420
Merit: 262
You guys should take a look at SpreadCoin- the truly decentralized cryptocurrency (no pools, prevents centralization of hashpower, etc).

https://bitcointalksearch.org/topic/ann-spreadcoin-decentralize-everything-decentralized-blockexplorer-coming-1045373

The intended pool destroying feature of that coin does not work. As the white paper admits, pools can detect cheating statistically and ban miners. That is the Share Withholding Attack[1] which already exists in Bitcoin but pools are able to function.

Besides, pools are absolutely necessary, else miners can't pay for their equipment because they may win a block only every so many years. By eliminating pools (if you could, but you can't), you force mining on to mining farms!

I don't have time to waste analyzing all these amateur copycoins. Thanks for trying and I don't fault you as a layman for not being able to discern bullshit from substance.

[1]http://arxiv.org/pdf/1112.4980.pdf#page=27
http://arxiv.org/pdf/1402.1718.pdf
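Added example of the statistical check the post refers to (a pool detecting block withholding, in the spirit of [1]); this is not code from the post, the coin, or any pool. A share that meets the pool's share difficulty is also a full block solution with probability share_difficulty / block_difficulty, so a miner's submitted block count should follow a Poisson distribution around that expectation; a count that is implausibly low is flagged. The accounting snapshot, the difficulties and the threshold are constructed values.

```python
import math


def expected_blocks(shares: int, share_difficulty: float, block_difficulty: float) -> float:
    """Honest expectation: each share is a full block solution with probability
    share_difficulty / block_difficulty, so `shares` shares should carry this many blocks."""
    return shares * (share_difficulty / block_difficulty)


def poisson_cdf(k: int, lam: float) -> float:
    """P(X <= k) for X ~ Poisson(lam)."""
    return sum(math.exp(-lam) * lam ** i / math.factorial(i) for i in range(k + 1))


def withholding_pvalue(shares: int, blocks_found: int,
                       share_difficulty: float, block_difficulty: float) -> float:
    """Probability that an honest miner with this many shares would have found at
    most `blocks_found` full solutions. Small values indicate withholding."""
    return poisson_cdf(blocks_found, expected_blocks(shares, share_difficulty, block_difficulty))


def flag_withholders(miner_stats, share_difficulty: float, block_difficulty: float,
                     threshold: float = 1e-4):
    """miner_stats: {miner_id: (shares_submitted, blocks_submitted)}. Returns the ids
    whose block count is implausibly low at the given false-positive probability."""
    return sorted(m for m, (shares, blocks) in miner_stats.items()
                  if withholding_pvalue(shares, blocks, share_difficulty, block_difficulty) < threshold)


def shares_needed_to_detect(share_difficulty: float, block_difficulty: float,
                            threshold: float = 1e-4) -> int:
    """Shares a miner submitting zero blocks can get away with before being flagged:
    the smallest S with exp(-S * p) < threshold, p = share_difficulty / block_difficulty."""
    p = share_difficulty / block_difficulty
    return math.ceil(-math.log(threshold) / p)


# Constructed accounting snapshot; share difficulty 1 and block difficulty 1000 are illustrative.
SHARE_DIFF, BLOCK_DIFF = 1.0, 1000.0
SAMPLE_STATS = {
    "honest_big":   (20000, 22),   # expected 20 blocks, submitted 22
    "withholder":   (20000, 0),    # expected 20 blocks, submitted none
    "honest_small": (1500, 0),     # expected 1.5 blocks, none yet: not enough evidence
}


if __name__ == "__main__":
    for miner, (shares, blocks) in SAMPLE_STATS.items():
        p = withholding_pvalue(shares, blocks, SHARE_DIFF, BLOCK_DIFF)
        print(f"{miner:13s} shares={shares:6d} blocks={blocks:2d} p-value={p:.3g}")
    print("flagged:", flag_withholders(SAMPLE_STATS, SHARE_DIFF, BLOCK_DIFF))
    print("shares before a zero-block miner is flagged:", shares_needed_to_detect(SHARE_DIFF, BLOCK_DIFF))
```

The check catches a large withholder quickly but says nothing about a small one until that account has submitted enough shares for several expected blocks, and the statistic is per account, so it starts from zero whenever a miner reconnects under a new identity. That is the practical limit of "detect statistically and ban", not a flaw in the arithmetic.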
legendary
Activity: 2142
Merit: 1010
Newbie
Quantum computing does not significantly speed up PoW because it is hash based (thus Shor's algorithm doesn't apply). So you must mean that ECDSA signatures could be cracked and double-spent?

https://en.wikipedia.org/wiki/Grover%27s_algorithm:

Grover's algorithm is a quantum algorithm that finds with high probability the unique input to a black box function that produces a particular output value, using just O(N^(1/2)) evaluations of the function, where N is the size of the function's domain.
sr. member
Activity: 420
Merit: 262
The LCR ensures no double-spend exists.

Once quantum computers hit the market everyone will be able to rewrite the complete Bitcoin blockchain from the genesis. So I would add something to emphasize the temporal nature of your statement.

Quantum computing does not significantly speed up PoW because it is hash based (thus Shor's algorithm doesn't apply). So you must mean that ECDSA signatures could be cracked and double-spent?

But same as for a 51% attack that is not a threat vector because no one will honor that. Politically it is an impossible attack.

And still there is no way to recompute all that PoW and arrive with a longer chain, so no attack exists.

Besides, in my current design I use Winternitz signatures that are not subject to Shor's algorithm.
legendary
Activity: 2142
Merit: 1010
Newbie
The LCR ensures no double-spend exists.

Once quantum computers hit the market everyone will be able to rewrite the complete Bitcoin blockchain from the genesis. So I would add something to emphasize the temporal nature of your statement.
sr. member
Activity: 420
Merit: 262
Remember I had mentioned in my vaporcoin thread last month that this was my original idea to defeat the 51% attack by including all chains. I mentioned when I started this thread that I had found a fundamental flaw in that design. Now I remember what it is.

The attacker can put a double-spend on every block of the minority chain to invalidate it. This is an example of how elusive the flaws can be. You really have to dig.

You need a way to make the double spend only affect the recipient of the transaction, and not subsequent transactions which are chained off the double spend.

In block based POW, a single double spend amongst many other transactions doesn't invalidate the entire block?

The LCR ensures no double-spend exists. There is no fix for the idea of taking the conjunction of chains. The idea is flawed; that is why I abandoned it. Also note I had added to my prior post.
sr. member
Activity: 420
Merit: 262
The need for censorship-resistant block chain technology applies not only to currency:

1. So the decentralized database is a block chain?

2. Does the browser need to run Java applets to do wallet level operations?

3. What is the advantage for the user of a decentralized block chain storage for their tweets? The data is open to display/access to anyone and thus isn't owned by Twitter, so tweets can be displayed by any client, not just through an API authorized by Twitter. Talk about how this creates advantages that users care about? Sounds like it will be used by terrorists so then the government has an incentive to shut it down.

4. How can this remain decentralized if the mining becomes centralized? Seems the same centralization problems that plague crypto currency thus hang over the head of any current block chain design.

5. Why should we think a product that is breaking SEC regulation by selling shares has any long-term future? The government can make an example out of you with SEC action.
legendary
Activity: 2142
Merit: 1010
Newbie
Byzantine tolerance can not exceed 50% of failures.

Isn't it 33%?
legendary
Activity: 1008
Merit: 1007
Remember I had mentioned in my vaporcoin thread last month that this was my original idea to defeat the 51% attack by including all chains. I mentioned when I started this thread that I had found a fundamental flaw in that design. Now I remember what it is.

The attacker can put a double-spend on every block of the minority chain to invalidate it. This is an example of how elusive the flaws can be. You really have to dig.

You need a way to make the double spend only affect the recipient of the transaction, and not subsequent transactions which are chained off the double spend.

In block based POW, a single double spend amongst many other transactions doesn't invalidate the entire block?
sr. member
Activity: 420
Merit: 262
So let's say the union of both chains is the rule. The problem becomes how many chains do we allow in the union because it is unbounded. If we place a bound on it, the adversary can Sybil attack the bound.

It has to remain unbounded for it to have any chance of working. In this case, such an attack would bring consensus to a standstill - but would this be a sustainable attack? If you imagine the attacker generating new POW transactions continually to create the bigger union, this is going to get quite expensive for him quite quickly... whereas the minority do not need to expend as much energy, since they are just bundling transactions not fabricating them.

Remember I had mentioned in my vaporcoin thread last month that this was my original idea to defeat the 51% attack by including all chains. I mentioned when I started this thread that I had found a fundamental flaw in that design. Now I remember what it is.

The attacker can put a double-spend on every block of the minority chain to invalidate it relative to the longest chain (which also contains the double-spend but confirmed after the minority chain has confirmed the double-spend). This is an example of how elusive the flaws can be. You really have to dig.

I think what I did next was contemplate still taking the union (conjunction) of all non-double-spent transactions from all chains. I forget at the moment what was the flaw with that. I should have written it down. Edit: now I remember. The attacker simply waits until there are derivative transactions, so no one can trust any transaction is truly confirmed on the minority chain.
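Added example, not code from any poster, for the "union of chains" rule discussed in the posts above (the question of whether one double-spend invalidates a whole block, and the derivative-transaction flaw just described): a toy transaction model applies the union-of-non-double-spent-transactions rule over two constructed chains and shows the cascade, with the longest chain rule alongside for comparison. Chain length in blocks stands in for cumulative PoW (an assumption), and all txids, chains and the attacker/merchant/supplier scenario are constructed.

```python
from collections import defaultdict


class Tx:
    """Minimal transaction: `inputs` are the outpoints (txid, output_index) it spends."""
    def __init__(self, txid, inputs=(), n_outputs=1):
        self.txid = txid
        self.inputs = list(inputs)
        self.n_outputs = n_outputs


def flatten(chain):
    """A chain is a list of blocks; a block is a list of Tx."""
    return [tx for block in chain for tx in block]


def conflicting_txids(txs):
    """txids of every transaction that spends an outpoint some other transaction also spends."""
    spenders = defaultdict(set)
    for tx in txs:
        for outpoint in tx.inputs:
            spenders[outpoint].add(tx.txid)
    return {txid for group in spenders.values() if len(group) > 1 for txid in group}


def union_rule(*chains):
    """Candidate rule from the posts: take the union of all chains' transactions,
    discard the double spends, and (necessarily) discard everything that spends an
    output of a discarded transaction. Returns (accepted_ids_in_order, dropped_ids)."""
    by_id = {}
    for chain in chains:
        for tx in flatten(chain):
            by_id.setdefault(tx.txid, tx)
    txs = list(by_id.values())
    dropped = conflicting_txids(txs)
    changed = True
    while changed:                                  # cascade to a fixed point
        changed = False
        for tx in txs:
            if tx.txid not in dropped and any(src in dropped for src, _ in tx.inputs):
                dropped.add(tx.txid)
                changed = True
    return [tx.txid for tx in txs if tx.txid not in dropped], sorted(dropped)


def longest_chain_rule(*chains):
    """Nakamoto's rule for comparison: only the longest chain's transactions count,
    so a conflicting spend on a shorter chain never enters the ledger at all."""
    best = max(chains, key=len)                     # block count stands in for cumulative PoW
    return [tx.txid for tx in flatten(best)]


def demo():
    """Constructed scenario: the attacker pays the merchant with A on the minority
    chain, the merchant and a supplier chain M and S off it, then the attacker
    publishes the conflicting A_prime on the majority chain."""
    cb0 = Tx("cb0")                                 # common-ancestor coinbase: the attacker's coin
    minority = [[cb0],
                [Tx("cb_min"), Tx("A", [("cb0", 0)])],          # attacker -> merchant
                [Tx("M", [("A", 0)]), Tx("S", [("M", 0)])]]     # merchant -> supplier -> ...
    majority = [[cb0],
                [Tx("cb_maj1")],
                [Tx("cb_maj2"), Tx("A_prime", [("cb0", 0)])],   # attacker -> attacker (double spend)
                [Tx("cb_maj3")]]
    return union_rule(minority, majority), longest_chain_rule(minority, majority)


if __name__ == "__main__":
    (accepted, dropped), lcr = demo()
    print("union rule accepted:", accepted)
    print("union rule dropped: ", dropped)         # A and A_prime conflict; M and S fall with A
    print("longest chain rule: ", lcr)
```

Under the union rule the merchant's transaction and everything downstream of it disappear the moment the attacker publishes A_prime on any chain, which is what makes the derivative-transaction attack work: no transaction on a minority chain can ever be treated as settled. Under the longest chain rule the minority chain's transactions simply never enter the ledger, which is a different risk (the merchant must wait for depth on the chain that wins) but a bounded one.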
legendary
Activity: 1008
Merit: 1007
So let's say the union of both chains is the rule. The problem becomes how many chains do we allow in the union because it is unbounded. If we place a bound on it, the adversary can Sybil attack the bound.

It has to remain unbounded for it to have any chance of working. In this case, such an attack would bring consensus to a standstill - but would this be a sustainable attack? If you imagine the attacker generating new POW transactions continually to create the bigger union, this is going to get quite expensive for him quite quickly... whereas the minority do not need to expend as much energy, since they are just bundling transactions not fabricating them.
sr. member
Activity: 420
Merit: 262
Fuserleer if you can solve it, I am ready to work on yours. Who ever can solve it, I am with you.
hero member
Activity: 784
Merit: 1000
I made some most likely unwanted shilling about your effort. I hope you can make some progress on this. That would be really cool.

The only hope is if some idealistic but super intelligent individual like TPTB_need_war builds a system that solves the decentralization issue as well as eliminates the CAP theorem flaw, the Byzantine generals problem and many other issues that need to be solved in order to implement a safe and decentralized system. Personally, I doubt such a system can be designed; Satoshi, Szabo, etc. have not even tried to design such a system, but let's hope some smart people are capable of doing that.

I will try to find the flaw asap. Hopefully today.

If someone is capable, then that person is you. Whether it is possible or not to design such a system remains to be seen.
Have good health and good luck!