Topic: Decrits: The 99%+ attack-proof coin - page 26. (Read 45353 times)

and what happens when they are corrupted?

you really don't understand the sybil attack do you?

Is it not the same for bitcoin? One person will eventually win the lottery by finding a winning block. His view of the network is accepted as "the" view. Although in reality it is actually just a few pools that can make that determination and can easily collude. Perhaps pools give you warm fuzzies, but they are far less decentralized than the system I propose.


Absolutely, unequivocally, not. I specifically noted how the random order would be determined to help you understand this. The Consensus Block only exists if it is agreed on by all SHs. The reason why I designed the consensus period to be so long is so that a) SHs do not have to constantly monitor the network (they only need to be online around the time in which they have to create a TB), and b)


to give an ample window of time to organize the Transaction Block chain so that whoever is going to provide a TB or CB signature (if they missed their TB or had their TB dropped by the CN or other SHs) has the opportunity to do so. I did not cover the Transaction Block chain in the OP because it starts getting into the very technical details of network security, which I have already promised Ukigo that I will detail soon.

There are only two reasons why consensus of the network can not be reached:

1) EvilCorp. owns a significant amount of shares and is trying to make it look like TheGoodGuys are not attempting to reach consensus. This is thwarted by the larger and more diverse CN, as well as CNCs and SPs, watching network activity. They will refuse to acknowledge newer blocks that have not acknowledged previous blocks. This is not a hard and fast rule, it is determined by the will of the entire network. The longer you wait to acknowledge a TB that has propagated, the more likely your TB will fail. The only way to get around this is to also control the vast majority of the CN, and really, a large portion of the CNCs/SPs as well. At this point you are just playing with yourself. Don't forget that this will also require a not insignificant percentage of all the coins in existence.
2) Internet infrastructure goes down/governments block outside access/specifically target decrits. These are all solved by meshnet technology. While it's easy to say "it will be solved in the future", this is not a problem the network can fix, though of course it will have ways to recover from minor and even major splits, but only if they are reasonably temporary*. And even for an extended period people locked out of the network only need to get through a few dozen bytes to maintain consensus.

edit: * - Reasonable is a fairly long time, on the order of 10-30 CDs depending on how it finally ends up working out and how strong of a possibility this really seems (not that likely, but China for example could be a problem with its history).

this system smells fishy. ONE person decides what the outcome will be, and decides who will be next to make a decision? and SH that not agrees will loose their deposits.

you assume SHs agrees. which i assure you, they will not.

SHs are assigned in random orders* to produce Transaction Blocks that cover specific 10 second periods in each CB. The transaction that wins will be based on which SH is the next to create a TB after the transactions have propagated. This is the basis for 5-15 second confirmations.

* - The "random" order is changed by the hash of the 100% SH signature consensus (or less than 100% with unsigning SHs losing their deposit--section 1.B.ii) of the prior CB.

lets say that we have 4 SHs. and 3 addresses, A with 10 "coins", and B and C with 0 "coins" each.

SH_1 receives a incoming transaction saying that A transfers 10 coins to B, TX(A->B).
SH_2 receives a incoming transaction saying that A transfers 10 coins to C, TX(A->C).

SH_3 have a incentive to support TX(A->B), for some irrelevant reason.
SH_4 have a incentive to support TX(A->C), for some irrelevant reason.

which transaction wins?

There isn't a concept of "double spending" in Decrits because coins are not tracked individually, they are tracked by account balances (instead the concept is "bad spends"--spends that would take your account below zero, or in a SH's case, below 3,000). Every blinded transaction has an equal opportunity to any of the coins in the SH's account until it goes below the share size. Knowing S does not unrepudiate the transaction. The Decrits network will not just ignore this like Bitcoin does. There is no retribution for acknowledging it in Bitcoin though so it is not *completely* necessary (though the current implementation is rather bone-headed from a merchant's standpoint), whereas in Decrits the offending SH will be penalized.

AU2 which is accutually BS, double spends the transaction. because it know secret S, from the broadcast.

It's also something any non-pyramidal cryptocurrency will provide. Will businesses choose the volatile rollercoaster of bitcoin? Or would they prefer something that is stable and immune to fiat inflation? When businesses can hold cryptocurrency without volatility, it will encourage them to find ways to use it outside of fiat, thus expanding the real value of the economy. Immediately cashing back to fiat does not expand this value--it makes for digital hot potatoes.

"If people are concerned about trolling, SHs with at least 1 year of service may be an option or a requirement to blind transactions."

It does not solve the problem, but it makes the troublemakers have to spend a lot of time and effort to lose 500 DCR and the greater profitability of being a SH for an extended period. The bigger the penalty, the less money that can be blinded, so a trade-off must be made. It isn't a perfect system, but it should be an acceptable risk.



AU sends B(S) to the network where every other SH will see it as a valid transaction and add it to his TB.


BS can not claim that the secret has been used without the unblinded transaction being published and debited from his account. As I have said multiple times, if more transactions signed by BS come in that would bring him below his share requirement, there is proof of fraudulent activity. On an individual tx basis it will not be possible to prove fraud, but as a whole it can be detected and punished.


Both lose, but BS* loses more (and less than the early withdrawal penalty) and SH reputation. There is no rational reason to do this.

edit: sorry originally typed AU

Exactly, businesses need stable cash flows. Bitcoin will not replace the USD or any other currency anytime soon, thats just reality.

When Bitcoins becomes the obvious, defacto standard for all transactions (after the shit REALLY hits the fan), dollars will be worthless pieces of paper. Hell, we might be so fucked at that point that we go back to the stone age - before currency was even invented, where we just traded shit. Maybe Nuka-Cola caps will be worth more than Bitcoins. Who knows what that world will be like.

That will all happen very quickly when it does happen, but that time is far, far in the future from now.

Right now, businesses need to pay their rent and power bills in USD, Euros, or some other local currency. That isnt changing for years if not decades.

For these businesses, they can add a lot to their bottom line by accepting BTC or LTC and converting them into fiat immediately.

That helps the business, it helps the cryptocurrency, and it stimulates the overall economy. Its a win-win-win, thats what Im trying to explain.

If you need a further explanation, read here:

http://fallout.wikia.com/wiki/Nuka-Cola

so all addresses must be some how be under centrally control?

consider this:
BS is a blind signing bank.
AU is anonymous user.

AU creates a secret S and blinds it with a key K, and now have a message called K(S).
AU pays BS to blind sign K(S), and receives B(K(S)) back.
AU then unblinds B(K(S)): K^-1(B(K(S))) = B(S).
AU sends B(S) to BS and asks for it to be paid out.
BS have now S denies to pay out, claiming that the secret S have already been used.
AU is scammed without being able to proof it, BS can always show that it knows S and therefor that it has been "used".
BS wins, AU loses.

What if SH decides to lose 3,000 just to be able to compromise the system? Any defense against such a situation?

There is no plausible deniability to a non-repudiated digital signature, blind or otherwise. That is a basic tenet of digital signatures. A transaction arriving that brings the SH's account below 3,000 DCR is proof that the SH has stolen or is attempting to steal money. The SH could sign the 2,500 DCR worth of transactions, cash them all out immediately, and when any of the legitimate unblinded txes come in, the fraud will be revealed with proof for all to see, and the SH will lose the 3,000 deposit.

You either don't understand or are unwilling to understand the concept. The SH can not just cash money out whenever he wants, there are specific rules associated with being a SH: number one among them being that the share money is locked for a period of 1 year. Anything above that amount (including tx fee payments) may be cashed out. Going below that amount is violating a rule of the network like trying to award 100 coins to yourself in a bitcoin coinbase transaction. No one honest will accept it. The system I have described is viable. If people are concerned about trolling, SHs with at least 1 year of service may be an option or a requirement to blind transactions.

this cannot be done securely. the SH can steal the deposited money without any proof of doing so, due to the anonymity of the receiver and plausible deniability of blind-sig.

im convinced now, you really don't know what you are talking about.

Did you read the post I linked right after that sentence?

"Actually, I thought about it a bit more, and specifically under the Decrits system this would be possible because of the shareholder system.

Users blind their transactions and shareholders add them to a blind sig queue. Once there are enough in the queue (decided by the protocol, say 50 or so txes), a shareholder will sign all of them and have the coins deposited to his shareholder stake.[..] You have the slight chance of getting boned if the shareholder removes his share,"

While this is true, there is a non-gameable way to ensure this is a waste of time and money. The penalty for seeing more withdrawals than allowed (when the blind signees come to get their money) is bigger than the gain made by stealing money. For example, if a SH has a 3,000 DCR deposit, he will only be allowed to blind sign 2,500 DCR which will be added to his stake. If a transaction places his stake below 3,000 DCR, he will lose 3,000 DCR for a net of -500 and all reputation associated with his SH (3 years potentially down the drain). An "early withdrawal" penalty would be say 250 DCR, so it is also not a profitable avenue over just taking that penalty.


Yes, yes I do know what I am talking about.

you do know that blind signing can not be done without a central authority, and a person cashing out would therefor have to use a laundry service.


you really don't know what you are talking about do you?

I was actually planning on making a point about this in accepting the bet, but talk is cheap, you will be proven wrong.


As I said, no one is holding your money, the network has only agreed to change the state of it.

do you see your fail now?


your system is huge , complex and failish, there is alot of stuff that could and will go wrong. you are giving the power of the system to the devs(central control) from the start. and you cannot buy in with out all current SH agrees. and no one hold my money, and the network cannot do such a task without central control, or the possibility of fail.

bitcoin is different: anyone can buy hardware to mine, no one have(or can ever gain) absolute veto rights.

now give me my btc: 13MXCTA2CPYbREMqNaf5VK2ArSc3QYm8cc

Hay look, questions! Your money is digital bits on the internet, it doesn't go anywhere. But as far as how the money is represented in those bits, well the simplest way to explain that is that it moves from one ledger--general accounts--to another--shares.


Yes and theoretically yes. While I haven't gone deep down into the number-crunching hole of figuring out desirable ratios of SHs to say, people on Earth, suffice it to say that it will require massive amounts of monetary control over the network before being able to embark on such a proposition. Because the production of money is unbounded (and currency distributed randomly), obtaining this type of control will be difficult if not impossible.

Additionally, controlling >50% of the consensus does not give you supreme control over the network. You can't rewrite history, you can't make bad spends (a spend transaction for more money than is in an account), you can't even drop transactions or other SHs' Transaction Blocks because the Cloudnet, and the everyday peer, is watching. You would need to control a large portion of the consensus, a massive portion of the Cloudnet, restrict all SP communication, etc. to keep a lid on any nefarious activities. And unless all the good guys just legitimately quit, there will be the problem of a big hole in the consensus that *everybody* knows about.


There will be a bootstrapping process. The last part of that bootstrapping process before beginning the live network will be giving out something like 50-100 shares to people who have contributed to the project on the condition that they must perform the SH duties for at least 3 years before cashing out, or the entire share will be void (this will be maintained by the network). A similar deal but less restrictive for giving away CNP shares to hundreds or a few thousand that must be maintained for 1 year. There will be bonuses to minting (perhaps 5-10x) and share prices can be purchased at discounted prices (such as 1/3rd) during the live bootstrap, these bonuses will slowly evaporate as the bootstrap process comes to an end--3 years is what I've been using in my notes as the live bootstrap period.

This is a misguided notion of Decrits, and I understand where you're coming from because my initial proposals for Encoin tried to force stability. Decrits will only attempt to maintain a stable cost to produce the currency. This has many different implications, almost all of which I think are better for a healthy currency than attempting to enforce stability. But that's a long-winded discussion of economics.


This is a silly presumption. Bitclones will not be the only implementation of cryptocurrency ever.


One that I believe is a crucial failure if you expect BTC to replace fiat. All those notions of liberty and freedom go right out the window when bitcoins offer little reprieve from fiat.


Holding coins is for people that live in mommy's basement. Businesses need stable cash flows, and bitcoin will not provide that.