Pages:
Author

Topic: "Failure to Understand Bitcoin Could Cost Investors Billions" (Bitcoin's flaws) - page 15. (Read 43254 times)

legendary
Activity: 3766
Merit: 5146
Note the unconventional cAPITALIZATION!
By distributing new coins via mining, miners are motivated because they can compete to gain a more competitive ranking in the coin ownership. If the PoW is cpu-only as Bitcoin was when half of its coins were mined, can potentially get the entire population excited about mining.

How can PoS attain similar marketing and adoption?

ASIC resistant coins like Protoshares for example just end up with people running server farms of hyperthreaded multicore CPUs.  In the end you end up with the same problem though perhaps not as stark.
hero member
Activity: 518
Merit: 521
Bitcoin might not be the right cryptocurrenciy, but it will probably stay in use for a couple of years till this community has settled upon what to do next.

Thank you all for doing what you're doing!

Thank you for the appreciation.

It appears to me that Bitcoin will be around and growing for a long time, assuming that all the exchanges and miners can be brought into control of the government, which appears to be what is occurring now. After these controls are in place, then it can be allowed to go out to the masses. I believe this pause in the price rise coincides with the time needed to make this transformation.

For as long as Bitcoin is really just a dollar (e.g. most merchants use something like Bitpay instead of receiving Bitcoins they receive fiat), then control over the exchanges (including localbitcoins which I noticed is ramping up KYC compliance) is sufficient control to tax everyone.

How else would you cash out anonymously?

All the anonymity I could add to a coin wouldn't stop the government from knowing if you still cashed out via an exchange which is required to report to the government your identity. There would still be other uses of the anonymity, such as government and others wouldn't necessarily know all the details of your coin spends that were to entities that don't know your identity.

Thus we need to aim for a coin that becomes the unit-of-account for its sub-economy, i.e. I am suggesting the Knowledge Age may produce a bifurcated economy-- the physical and the virtual commerce. If we keep our coins and used them to spend in the virtual economy instead of exchanging them for dollars, then we would create this bifurcated economy with a unit-of-account which is not the dollar.

The coming confiscations in the physical economy will motivate the virtual economy to break away, since it is a much more productive sector and doesn't want to be retarded by the dying industrial age (e.g. massive manufacturing overcapacity in China).

I don't think Bitcoin is best suited to match the needs of this virtual economy. Bitcoin lacks ZERO transaction fees. Why should we pay for transactions in this new virtual economy when we don't need to and it is actually detrimental as I explained upthread. Bitcoin lacks always-on-by-default strong anonymity. Bitcoin doesn't keep pools small to keep transaction processing highly decentralized. Etc...........
hero member
Activity: 518
Merit: 521
I don't believe PoS (proof-of-stake) is secure and it is inherently top-down control not decentralized crypto-currency. See my upthread explanations linked as follows. I have deleted your post, because you quoted the entire OP and only wrote the one sentence above.
When the price increase there is a huge selling pressure on those who have the largest stakes. That can be seen with Bitcoin where there is a 17% dishoarding rate every doubling and also with NXT for instance (https://bitcointalksearch.org/topic/m.5098747).

Basically the more adoption, the more the stakes are decentralized, the less trust is needed. Price increase (i.e time) is a force of decentralization.

I really appreciate challenges of this quality. Thank you.

A fundamental tenet of investing is buy low, sell high. So if we view these coins as investments, we would expect the larger holders to cash out on price rises, and buy back in on dips. And generally to lighten holdings as price trends higher. Because the wealthy could get trapped in an illiquid investment if they end up owning most of it at a very high valuation.

Also if we view these coins as cash, we would expect the wealthy would not hold most of their wealth in cash.

However, if we view a coin as the money system of society and we view control over the coin akin to control of a central bank, then we can expect the wealthy to obtain the majority of the shares of the central bank. As far as I know, this is in fact what they did in the Bank of England and the creation of the U.S. Federal Reserve.

If there was some profit to be made from processing blocks in PoS, then there would be a profit motive for obtaining more shares in the currency. Otherwise, the interest in monopolizing PoS shares will only come when the currency is a dominant political and economic factor in the real economy. At that point, the wealthy buy up say 50 - 80% of the shares, then the remaining shares become the cash in the economy and the wealthy hold their shares as if they are shares in a central bank. The point is that nobody will sell off the currency at this point because it is the dominant one. At that point, you are right back to a fiat system. Buying up that 50 - 80% share would likely drive the price higher, thus further cementing the dominant role in the economy and the lust to hold it. If they do this as a transfer of dollars to the coin, i.e. hyperinflation of the dollar, then there is no dollar to return to any more.

I rather think they will long before that take control of these PoS systems with the much easier (less drastic) route of tax and regulation. Since I am looking at the design of how anonymity is achieved by integration with PoW mining (and that is a hint about my secrets), I am doubting that PoS anonymity can be made as strong. Thus PoS will be more susceptible to this form of government takeover.

Also I think PoS will be insecure at all times, because the ordering of who is selected to process a block can be gamed, e.g. who selects the initial seed of the pseudo-random generator and who selects the ids of the shares.

And I don't see how the fact that you cannot distribute new coins is relevant to the security issue.

How do you dilute the shares of the wealthy who will otherwise own all wealth due to guaranteed ROI of usury backstopped by their control of government and that they don't spend their wealth on consumption?

Additionally I have explained above how I think PoS devolves to a fiat which I explained is a vacuous form of security if the threat is the boogeyman of fiat (thus Paypal, VISA, and Mastercard), thus only PoW is decentralized. And I also explained upthread why I think funding PoW from transaction fees destroys its decentralization. Thus only perpetual new coins will sustain PoW.

But the really big marketing problem with PoS is how to distribute the new currency in the startup phase to maximize interest and adoption? Adam Beck discussed that towards the end of this interview:

Adam Back discusses centralization due to pools at 25 min, regulation at 30min, and non-anonymity coin taint fungibility at 49 min:
http://letstalkbitcoin.com/e77-the-adam-back-interview/#.UuK0zWTTnrk

By distributing new coins via mining, miners are motivated because they can compete to gain a more competitive ranking in the coin ownership. If the PoW is cpu-only as Bitcoin was when half of its coins were mined, can potentially get the entire population excited about mining.

How can PoS attain similar marketing and adoption?
hero member
Activity: 518
Merit: 521
How about Zerocoin? Soon to be released

http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf

Someone way more versed in crypto than me will have to be judge of that

I have already explained three times upthread that Zerocoin can not work and unlikely to work efficiently and with sufficient confidence any time soon.

https://bitcointalksearch.org/topic/m.5097342
https://bitcointalksearch.org/topic/m.5128980

It is not soon to be released. If someone releases in an altcoin as it currently stands, it will have egregious efficiency and confidence issues. Nobody has yet figured out how to make it efficient enough to work.

It doesn't appear to be a trivial problem that will be solved any time soon. And even if so, the crypto is too new and exotic to trust for at least another 5 - 10 years of cryptographers trying to crack it.

Whereas, the always-on-by-default anonymity that I have envisioned is based on a well known information theoretic security model (a hint about my secrets).


Edit: Adam Beck mentioned some related new work coming soon, and I believe it might this yet to be published Zerocash. In that linked list of prior publications appear to be work related to CoinWitness.
hero member
Activity: 518
Merit: 521
legendary
Activity: 861
Merit: 1010
I don't believe PoS (proof-of-stake) is secure and it is inherently top-down control not decentralized crypto-currency. See my upthread explanations linked as follows. I have deleted your post, because you quoted the entire OP and only wrote the one sentence above.
When the price increase there is a huge selling pressure on those who have the largest stakes. That can be seen with Bitcoin where there is a 17% dishoarding rate every doubling and also with NXT for instance (https://bitcointalksearch.org/topic/m.5098747).

Basically the more adoption, the more the stakes are decentralized, the less trust is needed. Price increase (i.e time) is a force of decentralization.

And I don't see how the fact that you cannot distribute new coins is relevant to the security issue.
newbie
Activity: 1
Merit: 0
This does not contribute to the topic, but as my first post, I want to say that I'm truly amazed of the quality of this community. In fact, I think many contributers here are more serious than the players of the world economy. It's incredible that people like rpietila puts such an effort into the bitcoin economy, maybe even more than what they really need to earn money. What you are doing here is building the foundation for the future of the whole world economy, which will hopefully be much more fair and legit than what it is today. Bitcoin might not be the right cryptocurrenciy, but it will probably stay in use for a couple of years till this community has settled upon what to do next.

Thank you all for doing what you're doing!
legendary
Activity: 930
Merit: 1010
How about Zerocoin? Soon to be released

http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf

Someone way more versed in crypto than me will have to be judge of that
donator
Activity: 1722
Merit: 1036
Excellent reply. If someone disagrees, he does not understand the issue.

Is the anything that can be done, except that the value of the liberty-loving people descends to a maze of altcoins, which are constantly changing and whose conversions are trustless with p&p exchanges?
hero member
Activity: 518
Merit: 521
proof of stake is the solution to your concerns.

I don't believe PoS (proof-of-stake) is secure and it is inherently top-down control not decentralized crypto-currency. See my upthread explanations linked as follows. I have deleted your post, because you quoted the entire OP and only wrote the one sentence above.

https://bitcointalksearch.org/topic/m.5033780
https://bitcointalksearch.org/topic/m.5111679
https://bitcointalksearch.org/topic/m.5114040
https://bitcointalksearch.org/topic/m.5114084
https://bitcointalksearch.org/topic/m.5115441
https://bitcointalksearch.org/topic/m.5115547


Also, I didn't know about TimeKoin.  I was investigating cryptocoins that eliminate mining and was thinking it might be a good idea simply to allow a randomly selected user to create the next block.

The problem is where does the entropy for the randomness of sequence come from in non-PoW schemes?

In PoW, the decentralized entropy is coming from the DECENTRALIZED hashrate that is randomly selecting nonces to compute as trialed block solutions until one is found. There is no need to invoke trust nor reputation.

Unfortunately non-PoW schemes have no way to generate that randomness, e.g. the seed for the pseudorandom generator will always derive from some top-down vote or reputation factor. The ordering will always be low-entropy, top-down voting, trust, and reputation. This is inherently top-down and centralized. This will put us right back at fiat again.

Sorry.

There is also Emunie, which works by rewarding prior work with newly minted coins, i.e, it pays wages.  It also attempts to peg the price of the coin to the US$ or basket of commodities.  It's also closed-source, so its not really an option for adoption, but I found it interesting.

No matter how much these non-PoW designs obfuscate the lack of entropy in very complex design specifications, they will never solve the fundamental mathematical issue. Because there is no mechanism for the decentralized entropy to be generated.

I thought very deeply about this and it is why I abandoned my own proof-of-diskspace design.

I need some expert mathematicians to work on proving this assertion more formally.

I am very sorry to have to spill the bad news on this. It means many people are going to be angry at me. Sorry.

PoW is the genius of Satoshi's contribution. That is the one aspect we can't discard.


You are likely correct that if an altcoin has stronger anonymity then perhaps governmental actors may want to consider a 50%+ attack.  The solution is PoS.  I'm not sure what you mean by "current proof-of-stake can't redistribute new coins to masses & I posit it isn't secure"  The security aspect seems to be currently working ok for Nxt.  The distribution issue is purely an economics problem and since any crypto is easily copied what's the problem with distribution?

Security by top-down control and reputation is fiat. That isn't the type of security that I want. I want security from decentralized high entropy where no one can take control of the system.

Without competition in mining, there is no way to select who to give new coins (or demurrage in Freicoin) to that isn't inherently controlled top-down, i.e. fiat. Then you still need socialism to take from the rich and give to the poor. Because the fact of life is that wealth is power-law distributed [1] because the wealthy spend only a small fraction on their personal expenses. So eventually with usury the wealthy own 100%. Thus you need a way to redistribute wealth else society fails into a Dark Age. The socialism way of redistribution can be gamed by the wealthy who buy the government. Thus decentralized competition through PoW mining is the only way to fix the problem that has been plaguing society during the entire history of mankind since Mesopotamia.

[1] Dragulescu & Yakovenko. Exponential and power-law probability distributions of wealth and income in the United Kingdom and the United States
legendary
Activity: 896
Merit: 1006
First 100% Liquid Stablecoin Backed by Gold
...
Perhaps so for Bitcoin because the government has an easier way to attack, yet if Bitcoin's coin taint anonymity is ever fix (see upthread the interview with Adam Back) the 50+% attack comes back to prominence. And for the proposed altcoin, the 50+% attack needs to be analyzed because the government loses some (most or all?) of its ability to attack with regulation due to the strong anonymity.
You are likely correct that if an altcoin has stronger anonymity then perhaps governmental actors may want to consider a 50%+ attack.  The solution is PoS.  I'm not sure what you mean by "current proof-of-stake can't redistribute new coins to masses & I posit it isn't secure"  The security aspect seems to be currently working ok for Nxt.  The distribution issue is purely an economics problem and since any crypto is easily copied what's the problem with distribution?
newbie
Activity: 22
Merit: 4
I don't see how verifiable CPU-only mining solves the processing power advantage in mining.  Pools, farms, and botnets can still be used get an advantage.

Botnets can be muted significantly by requiring 16GB of memory. One tradeoff is that makes mining not instantly accessible to users who don't have that much memory installed.

Another strategy is to require say 4GB memory and hope this causes those whose computers are in a botnet to notice their computer is running slow and paging virtual memory to disk.

Botnets become less of a problem as the number of legitimate cpu miners increases, because the botnets are being sourced from the same supply of total PCs in the world. Eventually legitimate cpu miners will far outweigh the botnets, so can gradually relax the memory requirements to fit the average PC.

I wrote in the OP that pool sizes must be limited. I am not going to tell you now the secret way to do it.

Don't you need to enforce a "one connection per person please" policy somehow?  If there's a mathematically rigorous way to do this of course that's the way to go.

I was thinking that the network might require a user to solve a capcha to connect and timing out the connection after a few hours (probably already has been proposed).  I know, this is terrible idea but it might be effective at keeping the mining egalitarian, which I think is what you are aiming at.

Impaler and I discussed that. I decided it is untenable.


I hope you can achieve this, it's sorely needed.


Also, I didn't know about TimeKoin.  I was investigating cryptocoins that eliminate mining and was thinking it might be a good idea simply to allow a randomly selected user to create the next block.

There is also Emunie, which works by rewarding prior work with newly minted coins, i.e, it pays wages.  It also attempts to peg the price of the coin to the US$ or basket of commodities.  It's also closed-source, so its not really an option for adoption, but I found it interesting.




hero member
Activity: 518
Merit: 521
Also, I think you are using the terms 'socialist', 'collectivist', etc. improperly.  There are anarchic forms of these political philosophies, which many believe are the ligit ones.

What you are referring to are the centralized, statist forms.  'State capitalism' is the preferred term for the system practiced in the former soviet union.  

Crony capitalism, what many believe we are now suffering from, is very closely related to state capitalism.  It masquerades as a 'free market', but is composed of what are essentially state-sponsored monopolies.

The variations in terminology are attempt by academics to classify different symptoms and manifestations of what I believe to be the same underlying disease. I want to go to root disease which is the power vacuum created by the fact that society demands leaders and can't find an equilibrium that is decentralized and leaderless.

I believe if you take away the ability of leaders to tax, they won't be able to give society what society demands they give them. And I believe this will be check on the power of the power vacuum. The tax will be voluntary, so they can't go exceeding the Laffer limit and voting will be done decentralized opt-out rather than "winner takes all" elections. I believe local communities can be more fair (people know each other personally) and work together on community funded projects.

I am very sleepy so the above is not my best possible prose and explanation.

Also I am running out of time to be sitting always in this thread to answer. Will eventually need to let it go.

Hopefully I've made my main points clear enough.

Here on links on the IMF plans for confiscation:

http://www.globalresearch.ca/the-international-monetary-fund-lays-the-groundwork-for-global-wealth-confiscation/5354553
http://www.zerohedge.com/news/2014-02-12/europe-considers-wholesale-savings-confiscation-enforced-redistribution
hero member
Activity: 518
Merit: 521
I don't see how verifiable CPU-only mining solves the processing power advantage in mining.  Pools, farms, and botnets can still be used get an advantage.

Botnets can be muted significantly by requiring 16GB of memory. One tradeoff is that makes mining not instantly accessible to users who don't have that much memory installed.

Another strategy is to require say 4GB memory and hope this causes those whose computers are in a botnet to notice their computer is running slow and paging virtual memory to disk.

Botnets become less of a problem as the number of legitimate cpu miners increases, because the botnets are being sourced from the same supply of total PCs in the world. Eventually legitimate cpu miners will far outweigh the botnets, so can gradually relax the memory requirements to fit the average PC.

I wrote in the OP that pool sizes must be limited. I am not going to tell you now the secret way to do it.

Don't you need to enforce a "one connection per person please" policy somehow?  If there's a mathematically rigorous way to do this of course that's the way to go.

I was thinking that the network might require a user to solve a capcha to connect and timing out the connection after a few hours (probably already has been proposed).  I know, this is terrible idea but it might be effective at keeping the mining egalitarian, which I think is what you are aiming at.

Impaler and I discussed that. I decided it is untenable basically because it requires top-down control in order to generate and verify the captchas.
hero member
Activity: 518
Merit: 521
Bitcoin Killer Altcoin

The Bitcoin killer will thus have at least the following features.

  • provably cpu-only mining with botnet resistance (current proof-of-stake can't redistribute new coins to masses & I posit it isn't secure)
  • built-in anonymity (to minimize non-anonymous users)
  • small, reasonable perpetual debasement
  • zero transaction fees (with economic transaction spam resistance)
  • economically limited pool sizes
  • oblivious shares
  • selfish-mining fix
  • mini block-chain design
  • faster 1-confirmation block chain, e.g. 1 minute instead of Bitcoin's 10 min delay, if the orphan rate can be contained
It would not even need to an Altcoin because it just a different mutation of the original Bitcoin when you get down to the core. There is already a digital currency that does all this, but you won't hear about it outside the bitcoin bubble unfortunately.  Sad

I studied Timekoin and concluded that the order of selection of the peers is not secure. It is the same entropy issue that I mentioned upthread for PoS. If you have a better whitepaper now than when I researched it Spring 2013, I will read to see if it deals with that question of randomized ordering in a way that satisfies my concerns?
newbie
Activity: 22
Merit: 4
Also, I think you are using the terms 'socialist', 'collectivist', etc. improperly.  There are anarchic forms of these political philosophies, which many believe are the ligit ones.

What you are referring to are the centralized, statist forms.  'State capitalism' is the preferred term for the system practiced in the former soviet union. 

Crony capitalism, what many believe we are now suffering from, is very closely related to state capitalism.  It masquerades as a 'free market', but is composed of what are essentially state-sponsored monopolies.

sr. member
Activity: 308
Merit: 258
Bitcoin Killer Altcoin

The Bitcoin killer will thus have at least the following features.

  • provably cpu-only mining with botnet resistance (current proof-of-stake can't redistribute new coins to masses & I posit it isn't secure)
  • built-in anonymity (to minimize non-anonymous users)
  • small, reasonable perpetual debasement
  • zero transaction fees (with economic transaction spam resistance)
  • economically limited pool sizes
  • oblivious shares
  • selfish-mining fix
  • mini block-chain design
  • faster 1-confirmation block chain, e.g. 1 minute instead of Bitcoin's 10 min delay, if the orphan rate can be contained
It would not even need to an Altcoin because it just a different mutation of the original Bitcoin when you get down to the core. There is already a digital currency that does all this, but you won't hear about it outside the bitcoin bubble unfortunately.  Sad
newbie
Activity: 22
Merit: 4
I don't see how verifiable CPU-only mining solves the processing power advantage in mining.  Pools, farms, and botnets can still be used get an advantage.

Don't you need to enforce a "one connection per person please" policy somehow?  If there's a mathematically rigorous way to do this of course that's the way to go.

I was thinking that the network might require a user to solve a capcha to connect and timing out the connection after a few hours (probably already has been proposed).  I know, this is terrible idea but it might be effective at keeping the mining egalitarian, which I think is what you are aiming at.




hero member
Activity: 518
Merit: 521
Adam Back discusses centralization due to pools at 25 min, regulation at 30min, and non-anonymity coin taint fungibility at 49 min:
http://letstalkbitcoin.com/e77-the-adam-back-interview/#.UuK0zWTTnrk

Adam admitted that Bitcoin's fungibility model is fundamentally flawed and broken!

He mentioned some potential forthcoming research on zerocoin improvements but (in agreement with what I wrote upthread) that zerocoin was not practical now and probably not any time soon.

Adam explained that the 'mutable' option of Getblocktemplate allows pool miners to configure their own blocks thus claiming this reduces some centralization risk. However, mutable transaction blocks is not compatible with the oblivious shares fix for Share Withholding (Block Withholding) attack. Thus this feature can be defeated by those who want to force centralization. Rather my altcoin proposal is strong IP anonymity on by default which allows including the oblivious shares fix.

Adam claimed blind commits could help reduce centralization risks, but I found his argument to be flawed in several ways, some of which he admitted.

My analysis thus far is that "strong IP anonymity on by default" is a holistic solution with much fewer caveats.

Adam fears a strong altcoin because he said this will destroy the principle of limited supply of coins. I think he should accept a free market result, because a fundamental theorem of Coasian economics is that resisting the free market will only make a worse outcome later. I don't share his fear of an exploding supply of crypto-coins, because there are only a few (or maybe only one) design that can really be serious and overwhelming better. The market will recognize that the supply of truly better designs is limited.
hero member
Activity: 518
Merit: 521
There is a much easier way for the government to take over Bitcoin than 51% attack and selfish mining. Simply tax the coin and per footnote [2] all coin is tainted regardless if you used Tor or not, so in effect regulate every pool and exchange. Regulation can accomplish much of the same goals as takeover. Then later the large corporations beholden to the government buyout the pools and exchanges, and then the drift towards cartels and corporate-fascism.
Don't you think that P2P mining pool can solve the problem of regulation or big corporations takeover?

Definitely not since it is so easy for the centralized pools to have their miners compute shares for a competing P2Ppool but withhold block solutions from the P2Ppool (and submit them for themselves) thus parasiting the P2Ppools of revenue while not impacting the revenue of the centralized pool. So centralized pools which wanted to eliminate P2Ppools could do so (in theory).

...
That doesn't sound right at all.  A solution with a different payout address would no longer be valid.  Also they are spending hash power so it's not parasiting.  At most it will cause the pools luck to appear to be bad but since P2P users have altruistic reasons it isn't likely to cause them to switch.

I appreciate very much the fact checking peer review.

Perhaps you do not understand well the "Share Withholding Attack" which is called Block Withholding in Meni Rosenfeld's whitepaper in the context of the decentralized pool case. And Rosenfeld's says "Sabotage" gives no benefit to the attacker. That is not correct in the decentralized case, because there is no way to hide the transactions and block details from the attacker for a decentralized pool (because there is no centrally trusted entity to hold the secret until the block solution is found), thus the attacker can submit the block solutions as his own (never giving them to the P2Ppool) and receive all the coin rewards instead of sharing them with the P2Ppool. In the decentralized P2Ppool case, each peer must adds its payout address thus the block has being calculated is different for each peer. The attacker will give to the P2Ppool the shares that are not block solutions, thus parasiting by receiving a portion of the coin rewards gained from the hash rate of the other peers in the pool when the block solution is found by other peers, but not reciprocating because the attacker keeps the coin rewards for block solutions he finds all to himself.

Please let me know if that caused you to understand, or if you still disagree?

A very thorough explanation which layman could grasp would take me a day or days to produce. I would need graphical illustrations as well.

51%50+% attack is an overblown problem anyways.  As you stated yourself government actors have better tools to combat bitcoin  and for private attackers it is simply not economically viable.

Perhaps so for Bitcoin because the government has an easier way to attack, yet if Bitcoin's coin taint anonymity is ever fix (see upthread the interview with Adam Back) the 50+% attack comes back to prominence. And for the proposed altcoin, the 50+% attack needs to be analyzed because the government loses some (most or all?) of its ability to attack with regulation due to the strong anonymity.
Pages:
Jump to: