Topic: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) - page 58. (Read 91144 times)

CAP theorem cant be overcome due to the speed of light.   Byzantine tolerance can not exceed 50% of failures.

The only solvable one IMO is decentralization, all attempts thus far have gravitated to some kind of centralized nature, either partially or totally, but I blame that on system design flaws and not some "law" or "theorem" we haven't yet discovered.   Somebody at some point will do to a sufficient degree.

 I will try to find the flaw asap. Hopefully today.

I made some most likely unwanted shilling about your effort. I hope you can make some progress on this. That't would be really cool. 

Yes of course was one of my ideas long ago, but as you have identified there is still an ambiguity because as soon as we accept the minority chain, then the longest chain announces a new block with more transactions. There is never a point in time where we know definitively which chain is longer in number of transactions.

So let's say the union of both chains is the rule. The problem becomes how many chains do we allow in the union because it is unbounded. If we place a bound on it, the adversary can Sybil attack the bound.

I'm not entirely sure you need time at all for this. For the sake of argument, imagine we have our awesome new chain selection rule in place already, which selects the chain with the largest set of transactions. If the majority POW starts censoring transactions and produces a block with a subset of all transactions, the minority can produce a competing block at the same height which contains the attackers transactions and the censored transactions.

Now, logically at this point, the attacker would simply use his superior POW to generate a bunch more transactions to fool the chain selection rule, however, again, the minority can simply include these new transactions and the original censored ones thereby producing the largest set again.

This might end up in a stalemate of infinite forking, of course as attacker and minority battle it out forever, but there we are.

I am proposing a design where the spenders (of transactions) are the miners. Thus if there isn't a lot of transactions, then there won't be much hashrate on the mining.

I have long stated that I am not interested in developing a coin that is distributed to HODLers. I want to distribute a coin directly to typical users of social media and other internet activities.

So my response to you is that a coin without transaction adoption is going to die. Why should it be any other way.

The bolded phrase can't be measured. With block chains we don't know when is when. All we know is the longest chain and what was confirmed in each block. As you know, there is no global clock to compare chains. This insight is fundamental to understanding block chains at the research level.

As I explained in the post of mine you quoted from, the only way to measure relative time between two block chains is during propagation, but you and I already documented in my vaporcoin's thread that propagation doesn't prove anything (can be inconsistent among peer nodes and offline nodes can be lied to).

And note that if we use Satoshi's design or Bitcoin-NG's design, then transaction fees are problematic because in Satoshi's design we don't know when our transaction will be included in a block because we can't know apriori the minimum transaction fee of the node which wins the next block solution and for Bitcoin-NG that node (which is already known when we send our transaction due to NG's instant confirmations) can extort high transaction fees if we are in a rush because that node has a monopoly until the next block is found. Thus essentially these designs make mining profitable again and eliminate the advantages of including a PoW share with each transaction. Mining has to be unprofitable for my idea to enable decentralization and fix the "unbounded transactions spam versus centralized oligarchy mining control tradeoff" dilemma.

Thus I believe my idea can only work in my design which has a difference from those two above. I am trying to find the flaw in my design that renders mining profitable through some game theory. That is why I say I am not yet sure if my idea is sound. In my design there are multiple nodes to submit transactions to, i.e. the intrablock partitions, so they can't monopolize and thus transactions fees should fall to the level of costs. And thus mining should remain unprofitable. There can be complex elusive flaws though, so I need to study my design more.

Gentlemen, if I could butt in here..

Ixcoin, clone of bitcoin, has reached end of coin minting as of over a year ago. ix is a good test subject as it is struggling to maintain interest among the exchanges and miners due to not alot of transaction fees and zero coin reward.

There are still transaction fees to consider (although obviously not in Iota), otherwise you might argue that bitcoin itself would suffer the same fate of diverging consensus, when the block reward expires.

Thanks for raising that issue for clarification. Without a block reward, there is nothing at risk in terms of not being on one longest chain, other than that your transaction isn't truly confirmed if there is no convergence. But remember I was proposing there will be a block reward, it just won't be profitable. So the miner will still risk losing the compensation of the block reward same as for Satoshi's design if they don't follow the LCR. So this is a major difference in my design and Iota. Iota has no blocks so it can't offer a reward (which also means the coin supply will shrink to 0 asymptotically in Iota).

Without a block reward, you are correct that the only incentive to be on a longest chain is so your transaction is confirmed unambiguously. But the problem is that multiple chains can have conflicting double-spends ex post facto and thus merging partitions becomes impossible in come scenarios without reversing transactions. I don't think a DAG (Iota) can force convergence in all scenarios. I would need to spend more time writing down attack scenarios and motivations. I assume I would do that some months later if I had already invested developing my design. I don't want to go off on that tangent right now.

The chain selection rule is the problem here. You'd need a new one to deal with this - it would somehow need to take into account the greater set of all transactions; since censorship necessarily is exclusive, the true set of all transactions would always be larger than the censored set, such that the minority would always have the ability to include the attackers transactions along with the censored ones. However, quite how you combine this with the LCR is unclear at worst and maybe impossible at best, because the minority by definition has less hashing power than the majority.

Here is another question, sparked by TPTB (and partially aimed at Iota, but not exclusively so):

* If there is no reward at all to performing POW (neither block reward nor transaction fees), what incentive is there for consensus to diverge vs converge?

One incentive for it to converge is the desire to have your transaction confirmed in a timely manner - this encourages transaction submitters to chose the chain with the most work and submit their transaction there.

Why would it diverge?

This is offtopic of technical, and I don't want to encourage a noisy discussion about everyone's crystal ball opinion. I reply because I think it is very important to get readers to understand how social inertia ALWAYS works historically and thus how it will work again. Because many people just assume that when totalitarianism of top-down society (e.g. socialism end stage and reset) is too oppressive to bear then it resets and everything is restored. But that is not what happens. Study history.

At the minimum, at the timing of peaking global top-down society (e.g. Fall of Western Rome), there are decades of extreme suffering. And if the balance between decentralization (individual action) and centralization (top-down societal control) is unable to restore itself, then society stops functioning and enters a Dark Age for usually hundreds of years. Even the books of knowledge are burned.

We are at a juncture where the control of the digital highway by government could cause all commerce to die as it is monopolized by those with the most capital and connections and all individual entrepreneurialism is taxed and regulated to extinction.

Society is unable to do anything to escape this downward spiral, because analogously to the reasons that professional miners can't prioritize fighting back and have to save their own ass, the people always prioritize themselves first. Thus the people will prioritize what ever morsel they can get for themselves while Rome burns. This is fact of human nature. Study history.


I can't see any correlation between Paradox of Thift and the need for more altcoins.

Society will converge one one fungible unit. It always works that way. We are not creating apps here. This is money. I realize all the altcoins so far are not really money, but just delusional projects. But if we are talking about widepread adoption, then there will be only one.

Those who deny how history has already shown that there can only be one outcome for money (which is unification on one fungible unit), are in delusion.

Edit: note I am referring to money above. There could end up being multiple viable projects for block chain 2.0 features that are not money.

Very courteous. I would like to reply to all who posted upthread, but my time priorities may or may not allow it. Others should feel free to also post replies to others. I launched and posted vigorously to give the thread value, but I might not be able to keep it going.


I believe the world is likely to settle on one fungible unit because widespread acceptance is more attractive and once the trust issues have been resolved, then why need another coin. And this is another reason I think we are running out of time to avoid enslavement.


I agree to continue working if I have something to work on which is actually significantly and paradigmatically improving the permissionless commerce and also giving us sound instant and micro transactions (and hopefully which is also compatible with integration with Zerocash for perfected anonymity[obfuscation of all transaction details]). If I can convince myself that I have a design which is sound and achieves those goals, I will continue to develop. But I want to be brutally frank with myself at this juncture. I've expended 3 years so far in crypto land research and development. No more half-ass delusion bullshit for me. I have to enumerate all the issues in a design and be very certain I am producing something more than just a dubious babystep that isn't really advancing the core dilemma, e.g. in my opinion Cryptonote/Monero doesn't really advance anonymity in terms of permissionless commerce against a global adversary such as the government (top-down society). And I was sad to come to that realization because I invested a lot of effort in June/July to invent Zero Knowledge Transactions combining Cryptonote with Compact Confidential Transactions (and even paid 4 BTC to the inventor of CCT for his collaboration with me). Hope everyone realizes I abandoned that invention only after serious reflection thus meaning I was forced by the reality of my analysis to abandon a major invention and effort. So therefor when I make that assertion about Cryptonote/Monero, I am also suffering for that assertion.

Edit: it might be the case that some would argue we don't want to create a crypto design which is resistant to top-down government (society) interference with the protocol, because we want mainstream adoption. For example, the Monero folks might argue that anonymity for businesses hiding data from snooping by competitors. But this logic falls apart because the data obtained by for example the NSA can be leaked or sold because again there are human employees inside these institutions (e.g. Edward Snowden). When the balance between decentralized and centralized power is lost, then the world falls apart and enters a Dark Age. This is not a joke. This has happened before in human history and we are at another very dangerous juncture given the digital landscape has now become ubiquitous.

Here is an example of a design thought process I went through and exemplifies how the CAP theorem flaw in a design can be elusive.

Start with the insight that if the greatest realistic concern with a 51% attack is that it could censor transactions, then if a minority PoW chain could prove that that majority chain is censoring then the minority chain could fork (automatically due to protocol without any politics) without any ability of the majority PoW to attack the fork (in terms of censoring transactions). Problem is there is no way to prove the majority chain has seen a transaction since it refuses to acknowledge it. The minority chain could include the censored transaction, but the majority chain could include more new transactions. There is ambiguity over which chain is the truth and so the Longest Chain Rule (LCR) kicks in and the majority PoW chain is the winner.

I did think of having the majority chain include a hash of the transaction, then later reveal the transaction data, but this doesn't solve the problem (just think it out).

The minority chain needs some way to prove that it included the censored transaction a long time before the last block of the majority chain. The problem is the Second Law of Thermodynamics in that we can't prove that a digital signature/hash occurred before some event in the future. The minority chain can refer to a historic event (e.g. block of the majority chain) when it hashes a block, thus proving a block occurred later than some block on the majority chain, but that doesn't prove that the minority chain wasn't just constructed before any event (i.e. it could have been constructed just now). Thus there is no way for the minority chain to construct the necessary proof. Even employing a timestamp server in various clever formulations won't solve the dilemma of trying to violate the Second Law of Thermodynamics. This is what I mean when I state that the CAP theorem is inviolable.

---

Thus my idea for permissionless improvement is to make mining unprofitable by limiting the debasement rate yet requiring each transaction to include a level of PoW difficulty. The goal is to keep the PoW power in the hands of the users so their client software can (perhaps automatically?) redirect to delegate full nodes which are not censoring transactions or otherwise maliciously modifying the protocol (e.g. censoring transactions that don't sign a KYC/666 id number).

As I stated in the previous post that if mining is unprofitable then requiring some PoW with each transaction solves the "unbounded transactions spam versus centralized oligarchy mining control tradeoff" pointed out by ArticMine— which in Satoshi's design requires contention over the block size choice which thus reduces Satoshi's design to a centralized politics because there is no block size which is ideal.

There are at least three design challenges introduced:

• The PoW only has to be recomputed if the prior block on which the PoW share was computed is orphaned.
• The delegates could provide the PoW (compute it more efficiently employing an ASIC) in exchange for a fee.
• The difficulty has to be adjusted so that the block period remains constant.

If the PoW share difficulty is constant and chosen such that it requires at most only a millisecond to compute on most client computers, then the 100s of milliseconds round trip latency cost of paying a delegate server to compute the PoW is more costly to the user than just computing the PoW share locally on his client. The user doesn't care about the increased electricity cost for computing the PoW on less efficient hardware because the cost is miniscule compared to the value of the transaction.

The difficulty can be adjusted as it always is in Satoshi's design as this is orthogonal to the amount of difficulty required for each PoW share.

Thus so far my idea has passed the initial process of searching for a flaw. This is promising. Note this was not my only idea for significant improvement to Satoshi's design, as I explained (but did not yet reveal all details on) up thread.

Thanks for reply. I didn't quote it to keep the clutter down

I think one thing is that the problems discussed in this thread highlight the need for alternative chains. One way to keep cryptocurrencies decentralized is to make sure there are many of them. And I mean I guess thats why we're all her in the altcoin thread... But the other aspect of this notion is that you can't waste your time developing these systems if you think you have something worthy of developing. The only solution that truly fails to solve a problem is the solution that's not implemented.
And the other aspect is that bitcoin maximalists are just vested idiots.

Here is that linked post:


Correction: my idea for temporal intrablock partitioning doesn't solve the problem above, but rather it makes block announcements a constant size (and enables instant transactions). The problem above remains and remains for Iota too in the sense that sending unlimited transactions is still an unbounded load on all the full nodes in the system. Remember that market based transaction fees are not a solution to the problem. My proposed solution (ditto for Iota) is again that every transaction has to include a PoW share. Since PoW is unprofitable (or if the PoW share provided is not computing a block solution), then this solution can be employed. However note it works much better in my (and also Iota's) design because in a Satoshi design it is possible your transaction won't get included in the current block so then you need to recompute your PoW share and resubmit your transaction. This is one of the details I was referring to. I think my design doesn't have that problem. Again I don't want to detail it entirely yet. I will get some rest now.

Those naive who are contemplating making their own copycoin lack exposure to level of unresolved problems in crypto land, and the intense level of arcane details they would have to become knowledgeable about.

That was 12 hours ago and you've posted every hour since then. 

Seriously.  Consider some downtime and get some much needed rest. 

Daniel constructs a strawman that claims we need Proof-of-Stake due to the claim that fault tolerance and throughput scaling is just sufficient hardware redundancy and hardware optimization, so decentralized control should be delegated so that delegates with more resources can provide better redundancy and optimization because any system will centralize as necessary to obtain that redundancy and optimization.

Conflations and logical errors in his reasoning.

Even if the claim is true, it is an assertion of his omniscience to conclude that PoW can't be reorganized in a design that also enables redundancy and optimization. I have a specific design variant in mind to accomplish that with PoW. Thus he constructed a strawman to fool readers into thinking DPOS is superior to PoW.

Also I think fault tolerance and throughput scaling is more than just  hardware redundancy and hardware optimization. For example, if the politics of DPOS causes de-optimization in some game theory such as the example I mentioned in this thread:

---

---

His egregious myopia is that fault tolerance and throughput scaling depend on decentralized control!

At the post I quoted above, I summarized why PoS is less secure for sustaining decentralized control. If we just punt and say centralized control is coming any way, so let's accelerate it by choosing to replace Satoshi's attempt at decentralized consensus with the same political mess we are trying to fix by inventing Bitcoin in the first place, then we have entirely defeated our reasoning.

My aim is to try to improve on Satoshi's design to add more power to the ability to sustain decentralization. Or give up and quit.

Decentralization is the normal mode of society. It is when the normal oscillating balance between decentralization and top-down control entirely fails in one extreme direction that society enters a Dark Age for 600 years. Without a balance of decentralization and top-down control, nothing functions and everything collapses.

So I am trying to figure out how we construct a crypto coin so that there remains a tension or competition between decentralization and centralization ongoing. We don't want entirely decentralization and no centralization as that is just as bad as entirely centralization, e.g. see the reply I made to ArticMine upthread and how 100% decentralized control over what goes in the block chain means a choice between unbounded spam or oligarchy control. Thus the problem is the lack of balance and Bitcoin flip flops either to too much decentralization forcing too much centralization (a Tragedy of the Commons). Credit CoinCube for making me aware of the applicable math on that point. Message him if you need the link to it (I don't have time to go find it).



I have agreed with the problem he outlines, and have proposed making mining unprofitable by submitting PoW share with each transaction as the way to get very high security at very low percentage of debasement (necessary to replace lost coins).

However he has constructed that strawman to lead into a non-sequitur concluding that PoS (even DPOS) can cause a great rise in price. An inferior consensus algorithm is not going to see wide adoption.


He assumes that all users in the world will trust BitShares block chain more than any other competing block chain offering similar features.

The point he makes about preferring lower spreads also applies to preferring not to exchange in a BitAsset that has to be converted again to the real asset desire, e.g. where the BitAsset is the proxy for another altcoin you are exchanging for.

The notion that we could use a proxy for the dollar without ever needing to cash out to actual dollars, also requires that everyone will use crypto currency, thus we could just use the crypto currency instead of the BitAsset proxy (if that crypto currency was ubiquitous which is inherent in his assumption).


I hope I have explained why when I used to debate Daniel in these forums back in 2013, I realized he couldn't effectively lead me. He is smart but comes up with the great strawmen and leaps in logic to support his flavor of politics and socialism. Is he still pushing that inane concept of paying an interest dividend to stake HODLers? We are supposed to be designing an End-to-End Principled crypto currency not a country club membership or Amway multi-level marketing scheme.