Pages:
Author

Topic: Decrits: The 99%+ attack-proof coin - page 24. (Read 45353 times)

hero member
Activity: 798
Merit: 1000
April 30, 2013, 03:41:41 PM
#80
I have a hard time believing you could hack your way out of a cardboard box.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
April 30, 2013, 03:16:32 PM
#79
proof-of-stake based systems are possible, and there are other risks with them then there are with proof-of-work based ones.

The proof of consensus that I've described is absolutely nothing like "proof of stake".
well then you system surely will fail.

Quote
Nope, you have done that all by yourself. You answer most questions with a wall of text, and your proof-of-stake system is huge and complex.

I can't answer the questions in terms of bitcoin. Do you want to actually learn something or just assume that I don't know what I'm talking about and chomp at the bit as you have done every time I've made a short answer? I can't win. Short answer: I'm stupid. Long answer: I'm a wind bag and something like cryptocurrency over the internet can't possibly be possible. Whoops.

Proof of consensus may sound huge and complex, but only in the concept of a bitcoin blockchain. With a ledger, many advanced features that are totally unavailable to bitcoin are possible. You choose not to grasp that for whatever reason.
i still say: come up with a implementation, and i will hack it to dead.
hero member
Activity: 798
Merit: 1000
April 30, 2013, 03:12:16 PM
#78
proof-of-stake based systems are possible, and there are other risks with them then there are with proof-of-work based ones.

The proof of consensus that I've described is absolutely nothing like "proof of stake".

Quote
Nope, you have done that all by yourself. You answer most questions with a wall of text, and your proof-of-stake system is huge and complex.

I can't answer the questions in terms of bitcoin. Do you want to actually learn something or just assume that I don't know what I'm talking about and chomp at the bit as you have done every time I've made a short answer? I can't win. Short answer: I'm stupid. Long answer: I'm a wind bag and something like cryptocurrency over the internet can't possibly be possible. Whoops.

Proof of consensus may sound huge and complex, but only in the concept of a bitcoin blockchain. With a ledger, many advanced features that are totally unavailable to bitcoin are possible. You choose not to grasp that for whatever reason.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
April 30, 2013, 03:03:18 PM
#77
supposedly, but it will not work, and be easily exploitable.

What makes you so certain? That no one could possibly do something better than satoshi? Did you contemplate and discover that digital distributed cryptocurrency was only possible with proof of work before it was proven in practice?
proof-of-stake based systems are possible, and there are other risks with them then there are with proof-of-work based ones.


Or is it because you've clearly shown how incompetent I am? Roll Eyes
Nope, you have done that all by yourself. You answer most questions with a wall of text, and your proof-of-stake system is huge and complex.
hero member
Activity: 798
Merit: 1000
April 30, 2013, 02:47:39 PM
#76
supposedly, but it will not work, and be easily exploitable.

What makes you so certain? That no one could possibly do something better than satoshi? Did you contemplate and discover that digital distributed cryptocurrency was only possible with proof of work before it was proven in practice?

Or is it because you've clearly shown how incompetent I am? Roll Eyes
legendary
Activity: 1050
Merit: 1000
You are WRONG!
April 30, 2013, 02:21:27 PM
#75
Is the implementation / client for this in the works?
supposedly, but it will not work, and be easily exploitable.
member
Activity: 76
Merit: 10
April 30, 2013, 02:03:20 PM
#74
Is the implementation / client for this in the works?
hero member
Activity: 798
Merit: 1000
April 30, 2013, 10:28:27 AM
#73
The neat thing is though, if 10% is worn away by attrition since the genesis of the network, checkpointing the network at any point you are comfortable that being fooled is impossible (which is pretty much any point other than the last few days, the odds of being fooled decrease in some exponential manner the longer you wait), and consensus will be 100%. Over the history of the network is only if you compare it to the genesis block. It also gets more difficult for consensus to be lost over time. The original SHs are worth 1% each, but at the point of 100,000, losing people will be insignificant compared to the historically signed consensus and the current consensus. I believe consensus from genesis will be stable at 95-98% forever, unless faith is lost or a large percentage of the first 100 SHs have their currency destroyed.

Quote
then a new clean start genesis block can be created for a new currency / new network and everyone buy into the new one, the main motivation of the move being too many quitters over the millenia in the old currency.

All it takes is a few public keys and people willing to start the job and the currency cannot be defeated. That is how powerful proof-of-consensus is.
legendary
Activity: 2940
Merit: 1090
April 30, 2013, 10:09:07 AM
#72
A smart client would interpret the data this way: if there were originally 100 SHs in the genesis block, and 99 of them never signed out and are no longer present, the maximum consensus that this chain can have is 1%, even if there are now 500,000 SHs. In the future, the real network is likely to have somewhere around 95-98% consensus I would think, as 3,000DCR should be a lot of money to people if Decrits is useful and popular--but there will be people that accidentally or intentionally lose their shares over the history of the network. If the network is currently split in an ongoing attack, if EvilCorp was not in on it almost from the start of the network, it will be very, very difficult for EvilCorp to look like the better network, even to a complete newbie node, but the real network might also be below 50%, so it is not 100% cut and dried. Or maybe it is, because there will not be a rational reason to do this.

Essentially, if EvilCorp has a mad plan and buys up 101,000 shares when the network has currently 100,000 shares to perform a "51% attack", assuming no one signed out in the mean time, EvilCorp will have a network with 0% consensus and TheGoodGuys will have 49% consensus. That's why a 99% attack doesn't work either. This is not a network-enforced choice but it's a brain-dead obvious one.

You could move on long before gradual/inevtiable attribtion-over-time has made a huge dent in your percentage.

Basically if stakeholders/shareholders are so un-interested in the coin, or actually functioning as one is so likely to turn out not quite feasible that people keep being dropped just because it is actually hard to do the job, it will be apparent the system has problems or is simply not even interesting to its own investors.

If over the centuries attrition makes the percent gradually go down, maybe from the value going up so much that the cost of a share is too immense for anyone except "old money" to afford one and they already all own plenty of them, then a new clean start genesis block can be created for a new currency / new network and everyone buy into the new one, the main motivation of the move being too many quitters over the millenia in the old currency.

(Maybe a little bit like deciding to use a new set of coins or paper-money notes/bills because the old ones are getting old and worn and frayed.)

So yeah, see maybe anything less than 75% or 80% or maybe even 90% and you can be suspicious. "Why hasn't the new edition network been started up yet if already over 10% of the consensus has been worn away by attrition?!?!?!"


-MarkM-
hero member
Activity: 798
Merit: 1000
April 30, 2013, 08:04:11 AM
#71
It isn't. The genesis block is required for proof-of-consensus. The genesis block (or any block that you are sure is from the correct network) is required to know you're on the right network. Then all you need is the history of the SHs' shares from the point of that block (50-100MB for 500k of them) and you can confirm with 100% accuracy the validity of any account block in the account ledger with the hash tree.
sr. member
Activity: 359
Merit: 250
April 30, 2013, 07:00:25 AM
#70
Quote
Now, as long as the client has the genesis block for the network (...)
I was under impression that network is not going to keep all transactions that happened from genesis block.
hero member
Activity: 798
Merit: 1000
April 30, 2013, 01:39:20 AM
#69
This coin will have it's 2nd birthday in a little over a month.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
April 30, 2013, 01:37:14 AM
#68
*John faints with another coin*  Tongue
hero member
Activity: 798
Merit: 1000
April 30, 2013, 01:35:18 AM
#67
Bump for dramatic thread title change.
hero member
Activity: 798
Merit: 1000
April 29, 2013, 06:37:39 PM
#66
There is nothing obvious for node joining network because it has no knowledge of what network should look like. Node just sees two different networks one with no way to decide which one is "real one".
Easily deciding which chain is honest without relying on any authority is the most important thing in bitcoin and you can't really do decentralized database without this.

First of all, you have to rely on an authority, just not a central one. Bitcoin's authority is hashing power, Decrits' is consensus. Now while consensus at first may seem wishy-washy, the fact is that it is a very public, very distributed network where any collusion attempt by the consensus will be out in the open, recorded, for all to see and prove. But I think you are willing to agree on that point. Even in absolute worst-case scenarios where EvilCorp owns a significant amount of real shares and has a target's connection to the network surrounded, whatever manipulation was attempted will be recorded, and the victim can later prove malfeasance.

A bit of a side bar for sec. There is (brag) a bit of ingenuity in how the transaction block chain works (nb: as proposed in my notes). kokjo assumed earlier in this thread before asking that the order that transactions are approved in is ever in the control of one node or several nodes. It is not. The chain goes in a random order that is changed only by adding the hash of every single SH's signature on the prior CB to some random function. This is the reason why SHs will lose their deposit if they do not sign the CB. They either can't affect the randomness of this function, or lose 3,000 DCR or whatever the price may be for a share. They are also required to sign the "potential" CB (I have to clarify this in the OP) during their assigned TB, meaning that if they do not sign it then (by missing their TB), they will receive a soft strike*. The very last person to sign the CB could make for two potential outcomes [one of them might be better than losing 3,000 DCR], but I think there are ways to avoid that too--I'm going to go too far on a tangent though. Generating a distributed, unmanipulatable random number for the network is significantly important though, and was something I solved only recently. It's like 50 hours of ideating and 10 lines of code.

* - this is to prevent repeated attempts to learn information about other SH's signatures

The point of writing all that was to say this: even if EvilCorp controls, say, 80% of the shares and a strong enough control over the CN or is somehow man-in-the-middle attacking a MITM-resistant network (section 2.B) to pull off a massive currency heist, the odds of a TB being forcibly missed because EvilCorp temporarily can't let you see anything from TheGoodGuys during the time frame of this heist are very high. Say the transaction is for 100kDCR, a very prudent person would want to wait for enough transaction blocks to pass to cover at least 100kDCR, i.e. 34 (5 and a half minutes) if the share price is 3kDCR.. It would be another tangent to explain why covering it is important. Anyways, someone determine the odds of EvilCorp owning all 34 in a row. It's low. So if EvilCorp manages to pull this off, they must pull it off in a window where they control every single SH for as long as the victim wants to wait. Because if a TB in the chain is missing, the victim has a thought of "what if...?" Missing TBs are only slight hiccups for regular, every day transactions, but they have big implications for big transactions. This all requires a lot of detail though into how massively awesome I believe consensus-based security can be, and this post is already too long and hasn't answered your question.



Now, as long as the client has the genesis block for the network it is interested in participating in and at no point has the consensus massively colluded to do something nefarious*, then the newbie node can very reasonably determine which network is the correct one in the face of competing networks.

* - This would be common knowledge, like mtgox being hacked or something, except a lot of people just sacrificed a lot of money.

There are two ways for money to be removed from the "share ledger"--1) being destroyed for doing something bad (such as not agreeing to the consensus, section 1.B.ii), 2) by the share's owner withdrawing it. In situation 1), we have no way to determine whether or not the shareholder actually did something bad--only that the consensus agreed he did. Even if we did store a record of a bad transaction block as proof, because the state of the network is routinely pruned, it will be meaningless evidence in the future. In situation 2), the shareholder signs a hash of the shareholder record as they remove their share. While the shareholder record would not likely be kept forever (an ongoing hash could though), it is pretty heavily bound by around 100 bytes for every share purchased and 100 bytes for every share legitimately removed. If you've had 500,000 shareholders in the history of the network, you have 50-100MB of data you need to download, plus the headers of the transaction blocks from present back to 100% consensus or whatever makes you feel comfortable (100 or so bytes X the number of current shareholders).

What this does is create an ongoing consensus. Each member who has left the network has written, "yup, everything's cool" and everyone else still there is around to confirm it. Members that are no longer in the network and did not sign out lost 3,000 DCR. If that percentage is, say, 1%, then there's a monumental chance that you are on the correct network.

A smart client would interpret the data this way: if there were originally 100 SHs in the genesis block, and 99 of them never signed out and are no longer present, the maximum consensus that this chain can have is 1%, even if there are now 500,000 SHs. In the future, the real network is likely to have somewhere around 95-98% consensus I would think, as 3,000DCR should be a lot of money to people if Decrits is useful and popular--but there will be people that accidentally or intentionally lose their shares over the history of the network. If the network is currently split in an ongoing attack, if EvilCorp was not in on it almost from the start of the network, it will be very, very difficult for EvilCorp to look like the better network, even to a complete newbie node, but the real network might also be below 50%, so it is not 100% cut and dried. Or maybe it is, because there will not be a rational reason to do this.

Essentially, if EvilCorp has a mad plan and buys up 101,000 shares when the network has currently 100,000 shares to perform a "51% attack", assuming no one signed out in the mean time, EvilCorp will have a network with 0% consensus and TheGoodGuys will have 49% consensus. That's why a 99% attack doesn't work either. This is not a network-enforced choice but it's a brain-dead obvious one.
newbie
Activity: 19
Merit: 0
April 29, 2013, 05:30:19 PM
#65
About the bootstrapping process, there is an idea here.

It's been thought out specifically to sign the nodes in a distributed exchange, but the pattern can be used for other things.

I like where this thread's idea is going...
hero member
Activity: 798
Merit: 1000
April 29, 2013, 04:00:56 PM
#64
Give me some time to get home and write a post and I will show you why your attack is ineffective in more detail, aaaxn.

kokjo, your attack just goes back to the general network overtake attack, which assuming the dishonest network plays by the rules (what's the point?) it will be up to the people to decide which network is honest, which boils down to where the amazons and best buys and their friends who are not massive colluders intent on destroying the currency will be.
sr. member
Activity: 359
Merit: 250
April 29, 2013, 03:34:36 PM
#63
There is nothing obvious for node joining network because it has no knowledge of what network should look like. Node just sees two different networks one with no way to decide which one is "real one".
Easily deciding which chain is honest without relying on any authority is the most important thing in bitcoin and you can't really do decentralized database without this.
hero member
Activity: 798
Merit: 1000
April 29, 2013, 03:31:57 PM
#62
Except either you buy enough SHs for real money to cause trouble, in which case you have spent massive amounts of money to accomplish fooling unconnected new nodes (and they will still be able to detect the mass "exodus" of people who just let their money get destroyed), or you enter into the network split scenario where you still have to be on your best behavior because everyone is watching. These are things I will get into later.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
April 29, 2013, 03:16:42 PM
#61
I really doesn't change anything because attacker does not need to start at genesis block but can start at later date when he successfully acquire his first seat.

You are correct. I am distracted atm. I never thought much on this because it is, for the most part, an edge case. In the case of seeing two networks (the node is not surrounded), the node that is being deceptive was either part of both (signing the CB) at the same time, still part of both (in which case the deception is obvious), or signed out of the honest network at the same time (still obvious), or had his stake destroyed by the honest network because he went "missing". If he's still in both, he's going to get his share destroyed for provably signing an incorrect block, assuming the one being deceived eventually realizes this and still has the info.

If the node is only getting one view of the internet, this is always going to be an easy to manipulate case, just like it is for bitcoin. The client could warn against "hey there's a time when there was only 1 SH -- this network is unlikely to be honest" type thing.

I can explain more if necessary a little later
and where do you put the limit then? 1 SH? 10 SH? 100SH?

S attacker will just buy enough SHs to fool the client and control the network
Pages:
Jump to: