Topic: "Failure to Understand Bitcoin Could Cost Investors Billions" (Bitcoin's flaws) - page 15. (Read 43212 times)

ASIC resistant coins like Protoshares for example just end up with people running server farms of hyperthreaded multicore CPUs.  In the end you end up with the same problem though perhaps not as stark.

Thank you for the appreciation.

It appears to me that Bitcoin will be around and growing for a long time, assuming that all the exchanges and miners can be brought into control of the government, which appears to be what is occurring now. After these controls are in place, then it can be allowed to go out to the masses. I believe this pause in the price rise coincides with the time needed to make this transformation.

For as long as Bitcoin is really just a dollar (e.g. most merchants use something like Bitpay instead of receiving Bitcoins they receive fiat), then control over the exchanges (including localbitcoins which I noticed is ramping up KYC compliance) is sufficient control to tax everyone.

How else would you cash out anonymously?

All the anonymity I could add to a coin wouldn't stop the government from knowing if you still cashed out via an exchange which is required to report to the government your identity. There would still be other uses of the anonymity, such as government and others wouldn't necessarily know all the details of your coin spends that were to entities that don't know your identity.

Thus we need to aim for a coin that becomes the unit-of-account for its sub-economy, i.e. I am suggesting the Knowledge Age may produce a bifurcated economy-- the physical and the virtual commerce. If we keep our coins and used them to spend in the virtual economy instead of exchanging them for dollars, then we would create this bifurcated economy with a unit-of-account which is not the dollar.

The coming confiscations in the physical economy will motivate the virtual economy to break away, since it is a much more productive sector and doesn't want to be retarded by the dying industrial age (e.g. massive manufacturing overcapacity in China).

I don't think Bitcoin is best suited to match the needs of this virtual economy. Bitcoin lacks ZERO transaction fees. Why should we pay for transactions in this new virtual economy when we don't need to and it is actually detrimental as I explained upthread. Bitcoin lacks always-on-by-default strong anonymity. Bitcoin doesn't keep pools small to keep transaction processing highly decentralized. Etc...........

I really appreciate challenges of this quality. Thank you.

A fundamental tenet of investing is buy low, sell high. So if we view these coins as investments, we would expect the larger holders to cash out on price rises, and buy back in on dips. And generally to lighten holdings as price trends higher. Because the wealthy could get trapped in an illiquid investment if they end up owning most of it at a very high valuation.

Also if we view these coins as cash, we would expect the wealthy would not hold most of their wealth in cash.

However, if we view a coin as the money system of society and we view control over the coin akin to control of a central bank, then we can expect the wealthy to obtain the majority of the shares of the central bank. As far as I know, this is in fact what they did in the Bank of England and the creation of the U.S. Federal Reserve.

If there was some profit to be made from processing blocks in PoS, then there would be a profit motive for obtaining more shares in the currency. Otherwise, the interest in monopolizing PoS shares will only come when the currency is a dominant political and economic factor in the real economy. At that point, the wealthy buy up say 50 - 80% of the shares, then the remaining shares become the cash in the economy and the wealthy hold their shares as if they are shares in a central bank. The point is that nobody will sell off the currency at this point because it is the dominant one. At that point, you are right back to a fiat system. Buying up that 50 - 80% share would likely drive the price higher, thus further cementing the dominant role in the economy and the lust to hold it. If they do this as a transfer of dollars to the coin, i.e. hyperinflation of the dollar, then there is no dollar to return to any more.

I rather think they will long before that take control of these PoS systems with the much easier (less drastic) route of tax and regulation. Since I am looking at the design of how anonymity is achieved by integration with PoW mining (and that is a hint about my secrets), I am doubting that PoS anonymity can be made as strong. Thus PoS will be more susceptible to this form of government takeover.

Also I think PoS will be insecure at all times, because the ordering of who is selected to process a block can be gamed, e.g. who selects the initial seed of the pseudo-random generator and who selects the ids of the shares.


How do you dilute the shares of the wealthy who will otherwise own all wealth due to guaranteed ROI of usury backstopped by their control of government and that they don't spend their wealth on consumption?

Additionally I have explained above how I think PoS devolves to a fiat which I explained is a vacuous form of security if the threat is the boogeyman of fiat (thus Paypal, VISA, and Mastercard), thus only PoW is decentralized. And I also explained upthread why I think funding PoW from transaction fees destroys its decentralization. Thus only perpetual new coins will sustain PoW.

But the really big marketing problem with PoS is how to distribute the new currency in the startup phase to maximize interest and adoption? Adam Beck discussed that towards the end of this interview:


By distributing new coins via mining, miners are motivated because they can compete to gain a more competitive ranking in the coin ownership. If the PoW is cpu-only as Bitcoin was when half of its coins were mined, can potentially get the entire population excited about mining.

How can PoS attain similar marketing and adoption?

I have already explained three times upthread that Zerocoin can not work and unlikely to work efficiently and with sufficient confidence any time soon.

https://bitcointalksearch.org/topic/m.5097342
https://bitcointalksearch.org/topic/m.5128980

It is not soon to be released. If someone releases in an altcoin as it currently stands, it will have egregious efficiency and confidence issues. Nobody has yet figured out how to make it efficient enough to work.

It doesn't appear to be a trivial problem that will be solved any time soon. And even if so, the crypto is too new and exotic to trust for at least another 5 - 10 years of cryptographers trying to crack it.

Whereas, the always-on-by-default anonymity that I have envisioned is based on a well known information theoretic security model (a hint about my secrets).

---

Edit: Adam Beck mentioned some related new work coming soon, and I believe it might this yet to be published Zerocash. In that linked list of prior publications appear to be work related to CoinWitness.

When the price increase there is a huge selling pressure on those who have the largest stakes. That can be seen with Bitcoin where there is a 17% dishoarding rate every doubling and also with NXT for instance (https://bitcointalksearch.org/topic/m.5098747).

Basically the more adoption, the more the stakes are decentralized, the less trust is needed. Price increase (i.e time) is a force of decentralization.

And I don't see how the fact that you cannot distribute new coins is relevant to the security issue.

This does not contribute to the topic, but as my first post, I want to say that I'm truly amazed of the quality of this community. In fact, I think many contributers here are more serious than the players of the world economy. It's incredible that people like rpietila puts such an effort into the bitcoin economy, maybe even more than what they really need to earn money. What you are doing here is building the foundation for the future of the whole world economy, which will hopefully be much more fair and legit than what it is today. Bitcoin might not be the right cryptocurrenciy, but it will probably stay in use for a couple of years till this community has settled upon what to do next.

Thank you all for doing what you're doing!

How about Zerocoin? Soon to be released

http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf

Someone way more versed in crypto than me will have to be judge of that

Excellent reply. If someone disagrees, he does not understand the issue.

Is the anything that can be done, except that the value of the liberty-loving people descends to a maze of altcoins, which are constantly changing and whose conversions are trustless with p&p exchanges?

I don't believe PoS (proof-of-stake) is secure and it is inherently top-down control not decentralized crypto-currency. See my upthread explanations linked as follows. I have deleted your post, because you quoted the entire OP and only wrote the one sentence above.

https://bitcointalksearch.org/topic/m.5033780
https://bitcointalksearch.org/topic/m.5111679
https://bitcointalksearch.org/topic/m.5114040
https://bitcointalksearch.org/topic/m.5114084
https://bitcointalksearch.org/topic/m.5115441
https://bitcointalksearch.org/topic/m.5115547

---

The problem is where does the entropy for the randomness of sequence come from in non-PoW schemes?

In PoW, the decentralized entropy is coming from the DECENTRALIZED hashrate that is randomly selecting nonces to compute as trialed block solutions until one is found. There is no need to invoke trust nor reputation.

Unfortunately non-PoW schemes have no way to generate that randomness, e.g. the seed for the pseudorandom generator will always derive from some top-down vote or reputation factor. The ordering will always be low-entropy, top-down voting, trust, and reputation. This is inherently top-down and centralized. This will put us right back at fiat again.

Sorry.


No matter how much these non-PoW designs obfuscate the lack of entropy in very complex design specifications, they will never solve the fundamental mathematical issue. Because there is no mechanism for the decentralized entropy to be generated.

I thought very deeply about this and it is why I abandoned my own proof-of-diskspace design.

I need some expert mathematicians to work on proving this assertion more formally.

I am very sorry to have to spill the bad news on this. It means many people are going to be angry at me. Sorry.

PoW is the genius of Satoshi's contribution. That is the one aspect we can't discard.

---

Security by top-down control and reputation is fiat. That isn't the type of security that I want. I want security from decentralized high entropy where no one can take control of the system.

Without competition in mining, there is no way to select who to give new coins (or demurrage in Freicoin) to that isn't inherently controlled top-down, i.e. fiat. Then you still need socialism to take from the rich and give to the poor. Because the fact of life is that wealth is power-law distributed [1] because the wealthy spend only a small fraction on their personal expenses. So eventually with usury the wealthy own 100%. Thus you need a way to redistribute wealth else society fails into a Dark Age. The socialism way of redistribution can be gamed by the wealthy who buy the government. Thus decentralized competition through PoW mining is the only way to fix the problem that has been plaguing society during the entire history of mankind since Mesopotamia.

[1] Dragulescu & Yakovenko. Exponential and power-law probability distributions of wealth and income in the United Kingdom and the United States

You are likely correct that if an altcoin has stronger anonymity then perhaps governmental actors may want to consider a 50%+ attack.  The solution is PoS.  I'm not sure what you mean by "current proof-of-stake can't redistribute new coins to masses & I posit it isn't secure"  The security aspect seems to be currently working ok for Nxt.  The distribution issue is purely an economics problem and since any crypto is easily copied what's the problem with distribution?

I hope you can achieve this, it's sorely needed.


Also, I didn't know about TimeKoin.  I was investigating cryptocoins that eliminate mining and was thinking it might be a good idea simply to allow a randomly selected user to create the next block.

There is also Emunie, which works by rewarding prior work with newly minted coins, i.e, it pays wages.  It also attempts to peg the price of the coin to the US$ or basket of commodities.  It's also closed-source, so its not really an option for adoption, but I found it interesting.

The variations in terminology are attempt by academics to classify different symptoms and manifestations of what I believe to be the same underlying disease. I want to go to root disease which is the power vacuum created by the fact that society demands leaders and can't find an equilibrium that is decentralized and leaderless.

I believe if you take away the ability of leaders to tax, they won't be able to give society what society demands they give them. And I believe this will be check on the power of the power vacuum. The tax will be voluntary, so they can't go exceeding the Laffer limit and voting will be done decentralized opt-out rather than "winner takes all" elections. I believe local communities can be more fair (people know each other personally) and work together on community funded projects.

I am very sleepy so the above is not my best possible prose and explanation.

Also I am running out of time to be sitting always in this thread to answer. Will eventually need to let it go.

Hopefully I've made my main points clear enough.

Here on links on the IMF plans for confiscation:

http://www.globalresearch.ca/the-international-monetary-fund-lays-the-groundwork-for-global-wealth-confiscation/5354553
http://www.zerohedge.com/news/2014-02-12/europe-considers-wholesale-savings-confiscation-enforced-redistribution

Botnets can be muted significantly by requiring 16GB of memory. One tradeoff is that makes mining not instantly accessible to users who don't have that much memory installed.

Another strategy is to require say 4GB memory and hope this causes those whose computers are in a botnet to notice their computer is running slow and paging virtual memory to disk.

Botnets become less of a problem as the number of legitimate cpu miners increases, because the botnets are being sourced from the same supply of total PCs in the world. Eventually legitimate cpu miners will far outweigh the botnets, so can gradually relax the memory requirements to fit the average PC.

I wrote in the OP that pool sizes must be limited. I am not going to tell you now the secret way to do it.


Impaler and I discussed that. I decided it is untenable basically because it requires top-down control in order to generate and verify the captchas.

I studied Timekoin and concluded that the order of selection of the peers is not secure. It is the same entropy issue that I mentioned upthread for PoS. If you have a better whitepaper now than when I researched it Spring 2013, I will read to see if it deals with that question of randomized ordering in a way that satisfies my concerns?

Also, I think you are using the terms 'socialist', 'collectivist', etc. improperly.  There are anarchic forms of these political philosophies, which many believe are the ligit ones.

What you are referring to are the centralized, statist forms.  'State capitalism' is the preferred term for the system practiced in the former soviet union. 

Crony capitalism, what many believe we are now suffering from, is very closely related to state capitalism.  It masquerades as a 'free market', but is composed of what are essentially state-sponsored monopolies.

It would not even need to an Altcoin because it just a different mutation of the original Bitcoin when you get down to the core. There is already a digital currency that does all this, but you won't hear about it outside the bitcoin bubble unfortunately. 

I don't see how verifiable CPU-only mining solves the processing power advantage in mining.  Pools, farms, and botnets can still be used get an advantage.

Don't you need to enforce a "one connection per person please" policy somehow?  If there's a mathematically rigorous way to do this of course that's the way to go.

I was thinking that the network might require a user to solve a capcha to connect and timing out the connection after a few hours (probably already has been proposed).  I know, this is terrible idea but it might be effective at keeping the mining egalitarian, which I think is what you are aiming at.

Adam admitted that Bitcoin's fungibility model is fundamentally flawed and broken!

He mentioned some potential forthcoming research on zerocoin improvements but (in agreement with what I wrote upthread) that zerocoin was not practical now and probably not any time soon.

Adam explained that the 'mutable' option of Getblocktemplate allows pool miners to configure their own blocks thus claiming this reduces some centralization risk. However, mutable transaction blocks is not compatible with the oblivious shares fix for Share Withholding (Block Withholding) attack. Thus this feature can be defeated by those who want to force centralization. Rather my altcoin proposal is strong IP anonymity on by default which allows including the oblivious shares fix.

Adam claimed blind commits could help reduce centralization risks, but I found his argument to be flawed in several ways, some of which he admitted.

My analysis thus far is that "strong IP anonymity on by default" is a holistic solution with much fewer caveats.

Adam fears a strong altcoin because he said this will destroy the principle of limited supply of coins. I think he should accept a free market result, because a fundamental theorem of Coasian economics is that resisting the free market will only make a worse outcome later. I don't share his fear of an exploding supply of crypto-coins, because there are only a few (or maybe only one) design that can really be serious and overwhelming better. The market will recognize that the supply of truly better designs is limited.

I appreciate very much the fact checking peer review.

Perhaps you do not understand well the "Share Withholding Attack" which is called Block Withholding in Meni Rosenfeld's whitepaper in the context of the decentralized pool case. And Rosenfeld's says "Sabotage" gives no benefit to the attacker. That is not correct in the decentralized case, because there is no way to hide the transactions and block details from the attacker for a decentralized pool (because there is no centrally trusted entity to hold the secret until the block solution is found), thus the attacker can submit the block solutions as his own (never giving them to the P2Ppool) and receive all the coin rewards instead of sharing them with the P2Ppool. In the decentralized P2Ppool case, each peer must adds its payout address thus the block has being calculated is different for each peer. The attacker will give to the P2Ppool the shares that are not block solutions, thus parasiting by receiving a portion of the coin rewards gained from the hash rate of the other peers in the pool when the block solution is found by other peers, but not reciprocating because the attacker keeps the coin rewards for block solutions he finds all to himself.

Please let me know if that caused you to understand, or if you still disagree?

A very thorough explanation which layman could grasp would take me a day or days to produce. I would need graphical illustrations as well.


Perhaps so for Bitcoin because the government has an easier way to attack, yet if Bitcoin's coin taint anonymity is ever fix (see upthread the interview with Adam Back) the 50+% attack comes back to prominence. And for the proposed altcoin, the 50+% attack needs to be analyzed because the government loses some (most or all?) of its ability to attack with regulation due to the strong anonymity.