IOTA - page 707. | Bitcointalksearch.org

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 05:44:24 PM

There are no PoW competitions. But I will be happy to submit once there are.

The only thing left is to note that your statement

"PoW blockchains are inherently vulnerable to QCs"

only applies to PoWs where a huge range (at least billions) of nonces is searched
(by one miner in one block interval).

If you "solve" PoW blockchain vulnerability by making mining centralized then I can't accept this as a solution. If we allowed any solution then I would claim that Bitcoin blockchain is completely insecure in some insane conditions.

I-Love-Iota

newbie

Activity: 5

Merit: 0

What is the most popular and common settings file format?

HTTP basic authentication should be considered. In actual practice though, it's more work for web developers to figure out how to specify the password through some extra parameter in the HTTP or JSON-RPC wrapper than to just stick an extra parameter at the beginning of the parameter list. What do you think? Does HTTP basic authentication get us any additional benefits? Moving it off the parameter list but then you still have to specific it in a more esoteric place I'm not sure is a net win.

tromp

legendary

Activity: 990

Merit: 1108

Quote from: Come-from-Beyond on December 21, 2015, 05:28:57 PM

Quote from: tromp on December 21, 2015, 05:09:20 PM

What's cons?
Everything in that paper by dga is addressed in more recent versions of the Cuckoo Cycle whitepaper (e.g. the version published in BITCOIN'2015 from Jan 2015).

Good, you should send it to the next tradeoff-resistant algorithm competition.

There are no PoW competitions. But I will be happy to submit once there are.

The only thing left is to note that your statement

"PoW blockchains are inherently vulnerable to QCs"

only applies to PoWs where a huge range (at least billions) of nonces is searched
(by one miner in one block interval).

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: child_harold on December 21, 2015, 05:01:07 PM

Forgive my brevity but I'm short on time
Short answers preferred, thanks.

1. Will there be an explorer for IOTA?
2. Is IOTA susceptible to double-spends?
3. Is there any kind of scripting language in IOTA? (Ethereum style)
4. Does IOTA afford better anonymity than Bitcoin?
5. Does IOTA require/benefit from decentralized nodes? (Bitcoin-style)
6. Where do JINN and ternary procs fit in?
7. When are we "Quantum Secure"? After XMAS?

1. Yes
2. Depends on merchant policy
3. No
4. No
5. Didn't get the question
6. Iota works with trits instead of bits
7. From the very beginning

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 05:09:20 PM

What's cons?

Everything in that paper by dga is addressed in more recent versions of the Cuckoo Cycle whitepaper (e.g. the version published in BITCOIN'2015 from Jan 2015).

Good, you should send it to the next tradeoff-resistant algorithm competition.

So the only problem left is necessity to have top-tier hardware to be able to mine quantum-proof blockchain, i.e. even worse centralization of mining?

tromp

legendary

Activity: 990

Merit: 1108

Quote from: Come-from-Beyond on December 21, 2015, 03:57:41 PM

Quote from: tromp on December 21, 2015, 03:28:33 PM

336 bytes.

Is there an algorithm that requires very little memory to verify a nonce but without cons mentioned in https://www.cs.cmu.edu/~dga/crypto/cuckoo/analysis.pdf?

What's cons?

Everything in that paper by dga is addressed in more recent versions of the Cuckoo Cycle whitepaper (e.g. the version published in BITCOIN'2015 from Jan 2015).

child_harold

hero member

Activity: 812

Merit: 1000

Quote from: Come-from-Beyond on December 21, 2015, 04:30:29 PM

I've known that someone is working on a node explorer for Iota. Iota protocol doesn't allow to share nodes, IoT devices will likely use radio to broadcast transactions to other devices around them.

Forgive my brevity but I'm short on time
Short answers preferred, thanks.

1. Will there be an explorer for IOTA?
2. Is IOTA susceptible to double-spends?
3. Is there any kind of scripting language in IOTA? (Ethereum style)
4. Does IOTA afford better anonymity than Bitcoin?
5. Does IOTA require/benefit from decentralized nodes? (Bitcoin-style)
6. Where do JINN and ternary procs fit in?
7. When are we "Quantum Secure"? After XMAS?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

I've known that someone is working on a node explorer for Iota. Iota protocol doesn't allow to share nodes, IoT devices will likely use radio to broadcast transactions to other devices around them. There will be no a way to reach nodes out of the range*, Iota on UDP transport mimics such behavior by requiring to manually type a list of the nodes, only these nodes will be used. From the start there will be a short list of nodes, later users should exchange their node IPs/domains with each other via any means of communication forming a https://en.wikipedia.org/wiki/Small-world_network.

---
* - Well, it's possible to do routing from one point of the globe to another even for devices with short-range radio modules, but Iota relaxes requirement to hardware by using only bare minimum.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 03:28:33 PM

336 bytes.

Is there an algorithm that requires very little memory to verify a nonce but without cons mentioned in https://www.cs.cmu.edu/~dga/crypto/cuckoo/analysis.pdf?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: eragmus on December 21, 2015, 03:08:13 PM

FYI: I would still appreciate a reply to my argument about Bitcoin Lightning (payment channels) solving IoT problem, and how the fees are by design going to be less than 1 satoshi & Lightning's infinite transaction capacity...
> https://bitcointalksearch.org/topic/m.13311118

For LN to work in IoT industry we need an efficient routing algorithm for one billion nodes forming a quasi-homogeneous network. Do you have one that doesn't require expensive bandwidth? How does LN incentivize to share routing metadata that could be used for detours? What is the most efficient leverage of available funds (too little will require to update routing metadata very often, too much is too expensive because locked coins don't "earn" profit)? How routing metadata are verified for non-neighbors and how dishonest nodes are punished? Can't a payment route be used to deanonimize payment recipients? What if a payment hub doesn't support payment network neutrality? What possibilities does a successful MITM attack give (it's an extra level, hence it's extra possibilities)?

tromp

legendary

Activity: 990

Merit: 1108

Quote from: Come-from-Beyond on December 21, 2015, 03:13:20 PM

Quote from: tromp on December 21, 2015, 03:03:41 PM

Cuckoo Cycle proofs are instantly verifiable, just like Bitcoin nonces.

Bitcoin nonces are not verifiable instantly, but they require only very little memory. How much memory is required to verify Cuckoo Cycle nonce?

336 bytes.

Quoting from https://github.com/tromp/cuckoo:

"Proofs take the form of a length 42 cycle in a bipartite graph with N nodes and N/2 edges, with N scalable from millions to billions and beyond.

This makes verification trivial: compute the 42x2 edge endpoints with one initialising sha256 and 84 very cheap siphash-2-4 hashes, check that each endpoint occurs twice, and that you come back to the starting point only after traversing 42 edges.
A final sha256 hash on the sorted 42 nonces can check whether the 42-cycle meets a difficulty target.

This is implemented in just 157 lines of C code (files src/cuckoo.h and src/cuckoo.c).

From this point of view, Cuckoo Cycle is a very simple PoW, requiring hardly any code, time, or memory to verify."

The verify() function uses 2*42 ints of memory.
For graph sizes up to 2^32, those can be 32-bit ints, so that's 336 bytes.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 03:03:41 PM

Cuckoo Cycle proofs are instantly verifiable, just like Bitcoin nonces.

Bitcoin nonces are not verifiable instantly, but they require only very little memory. How much memory is required to verify Cuckoo Cycle nonce?

eragmus

newbie

Activity: 7

Merit: 0

FYI: I would still appreciate a reply to my argument about Bitcoin Lightning (payment channels) solving IoT problem, and how the fees are by design going to be less than 1 satoshi & Lightning's infinite transaction capacity...
> https://bitcointalksearch.org/topic/m.13311118

tromp

legendary

Activity: 990

Merit: 1108

Quote from: Come-from-Beyond on December 21, 2015, 02:50:45 PM

Quote from: tromp on December 21, 2015, 02:32:25 PM

Let's say the block interval only allows for a 100 proof attempts (nonces) by a single miner.

How will you protect nodes against DoS attacks sending junk bytes pretending that they contain a valid nonce?

Cuckoo Cycle proofs are instantly verifiable, just like Bitcoin nonces.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 02:32:25 PM

Let's say the block interval only allows for a 100 proof attempts (nonces) by a single miner.

How will you protect nodes against DoS attacks sending junk bytes pretending that they contain a valid nonce?

tromp

legendary

Activity: 990

Merit: 1108

Quote from: tromp on December 21, 2015, 01:38:46 PM

Quote from: Come-from-Beyond on December 21, 2015, 01:18:50 PM

Quote from: tromp on December 21, 2015, 12:31:26 PM

PoWs requiring billions of bits are pretty safe from QC quadratic speedup,
which is still struggling to work for mere dozens of qubits.

We have stopped on time-memory trade-off...

Not all TMTOs are linear...

You don't even need a PoW with superlinear TMTO.
A simple and practical PoW like Cuckoo Cycle suffices.

They key insight is that the longer a single proof attempt takes,
relative to the block interval, the smaller the advantage of the QC.

Let's say the block interval only allows for a 100 proof attempts (nonces) by a single miner.
(e.g. 10 second block interval, and 0.1 second proof attempt).

A QC can use quadratic speedup to search those 100 nonces in 1/10 the time,
but this will small 10x advantage will be completely wiped out by

1) the TMTO slowdown and penalty (already a factor 10^3 for a million qubit QC running cuckoo on 2^27 nodes)

2) cycle time of QC being way longer than that of classical computers

3) constant factor overhead in running Grover algorithm.

50cent_rapper

legendary

Activity: 1344

Merit: 1000

Quote from: Come-from-Beyond on December 21, 2015, 06:14:31 AM

After thinking about how the test should be conducted an idea came to my mind. What if the testnet becomes more popular than the mainnet? And those who didn't purchase the iotas will run their own competing version. Due to the first mover advantage they will increase their odds of world-wide adoption. Any suggestions how to solve this issue?

About the test net: just send the participiants no more then 10 nanoiotas, thus you will be able to test transactions, but iotas will be not usable in real cases cause it will be not divisible to the proper extent.

The problem is a forks: I already image UtopianFuture suckpoppet creating thread about "Iota fork but with fair destribution", as he done for NXT with NEM and for Qora with Kora.

Launch without testnet.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 01:38:46 PM

Not all TMTOs are linear...

Some PoWs need q^2 more time to use q times less memory,
which you cannot overcome with a quadratic quantum speedup.

I agree that it's possible to create an algorithm that will be too hard for available quantum computers, it can even be modified each month to keep new QCs out of business all the time. The question is: Will ordinary users be able to run such algorithm? If not, then we'll get Animal Farm scenario becoming the reality - We'll trade one master for another.

tromp

legendary

Activity: 990

Merit: 1108

Quote from: Come-from-Beyond on December 21, 2015, 01:18:50 PM

Quote from: tromp on December 21, 2015, 12:31:26 PM

PoWs requiring billions of bits are pretty safe from QC quadratic speedup,
which is still struggling to work for mere dozens of qubits.

We have stopped on time-memory trade-off...

Not all TMTOs are linear...

Some PoWs need q^2 more time to use q times less memory,
which you cannot overcome with a quadratic quantum speedup.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: tromp on December 21, 2015, 12:31:26 PM

PoWs requiring billions of bits are pretty safe from QC quadratic speedup,
which is still struggling to work for mere dozens of qubits.

We have stopped on time-memory trade-off...

Topic: IOTA - page 707. (Read 1473233 times)