Topic: MerkleWeb - statistical Godel-like secure-but-not-perfect global Turing Machine (Read 12230 times)

I will respond here for the moment because I don't feel like registering yet another password to keep track of.

My most imortant question is: how essential is the walkie-talkie format?

As Asimov1 pointed out, you are going to find yourself duplicating the existing cell-phone network in many ways.

I can confirm that it will be difficult to broadcast 10 miles. CB radios can do it, but they use about 4 watts of power. The USB interface supplies only 2.5 Watts.

Highly directional antennas will only work on a base station (read: not constantly moving around); also known as a "radio tower" if mounted above the ground for good coverage.

Patents came up. The 802.11n standard uses spatial-division multiplexing. Multiple antennas are driven slightly out-of-phase (glossing over details I don't know alert) allowing the beam pattern to be "steered" somewhat (all without moving parts). Any radio technology from the last 20 years is likely dripping with patents.

Finding spectrum will be a problem. During the last sectrum auction in Canada, the incumbents doubled their ammortized infrastructure costs by bidding something stupid like $4 Billion. They expect to make that back by charging the average cell-phone user $40/month. You will have trouble getting spectrum cheaper because the incumbents won't sell spectrum for less than they paid at auction. So, you are limited to the very limited "free for all" spectrum slices. These typically restrict transmit power, such that your range is likely to be closer to 1 mile than 10. Using the visible spectrum is a possibility for line-of-sight hops.

Finally, I would advise you to not mix the merkleweb proposal with the IP-Walkietalkie proposal. Both are complicated enough on their own that the chance of failure is high. If both projects are successful, you can combine them later.

Check this out, maybe interests you:

http://www.servalproject.org/

(I'll respond to the last comments later)

Me and James Jaeger (director of Fiat Empire - The Federal Reserve Is Unconstitutional and other documentary films, which you can watch on Youtube) are talking about forming a business together to create "IP Walkie Talkies", a wireless mesh network of cell-phone like devices that form a free peer to peer Internet thats off the grid, no monthly fees, no central control, freedom of speech, and it may have some similarities to MerkleWeb. We're still talking about how to build it. Soon we may be looking for employees and business partners. Anyone interested? Join the talk here:

http://www.kurzweilai.net/forums/topic/a-technological-renaissance-peer-to-peer-non-internet-ip-walkie-talkie-nets

We have the right to freedom of speech therefore also have the right to create and use communication systems which are free of anyone controlling that communication.

We could put every Internet Service Provider and Cell Phone business, out of business, since we would undercut their prices at ZERO per month and no censoring or central control. Don't worry about us becoming a monopoly, since my condition of helping with the project is it is toward an open source hardware and software, but not necessarily starting that way. Also it will prove to everyone that peer to peer Internet can work on a large scale, so others will start work on other forms of peer to peer large scale communication even if something goes wrong with that plan.

Its not hard to obsolete an infrastructure that's designed to crawl slowly as it waits for permission from a hierarchy organization. Peer to peer is naturally faster. For example, Apache Cassandra has a mostly peer to peer core and is used by Netflix to stream their videos, but peer to peer is only possible in server connections, while most Internet connections are client and can't connect directly to eachother (a form of censoring). Peer to peer is the future. Want to free the Internet and get rich at the same time?

Technical estimation, quoted from that thread:

Thank you.

I don't know much about homomorphic encryption either.


That claim in the Wikipedia article was cited:


Even if it does work as described, I would be concerned by the lack of paper-trail. It is very hard to trust that a computer is doing what it says it is doing. Even if the vote tabulation is beyond reproach (thanks to the proposed distributed turing machine), the computer being used for voting may be able to do statistical vote substitution (even in the face of vote reciepts).

I think I now get what you mean (although I'm an homomorphic encryption newbie).

And, yes, I guess you could transfer part of the algorithm to data. For example, a trick that comes to mind...
You could train a neural network to be equivalent to a given function or part of an algorithm, then use the weighs of the network as part of the input (although constant) and be able to also encrypt them, obscuring the algorithm.
Probably not very attractive for merkleweb if the number of inputs are a limitation.

By the way, can someone explain me how homomorphic encryption can be used to "create secure voting systems"?

What I think what jtimon getting at using the Socratic method is that the data is secret, not the algorithm. That probably has all kinds of interesting implications for data leakage or separating data and executable code.

Your link is fishy, try this: http://eprint.iacr.org/

Also: http://css.csail.mit.edu/cryptdb/


--- Andy Greenberg, Forbes

It is possible that I made a slight cognitive leap based on my limited understanding of Homomorphic Encryption.

In practice, (depressingly) few file formats clearly distinguish between executable code and data. Often due to programmer laziness or feature creep from management[Citation Needed].

I was making the apparently false assumption that the key-renewal algortihm described in the Damien Stehle and Ron Steinfeld paper was Turing-complete and encrypted. However, skimming the paper without understanding most of the math, it looks like the renewal algorithm is known, but additional "hints" are stored with the public key. This extra information is used to reencrypt/error-correct the private key stored with the encrypted data.

Edit: the one time I don't check links... or were you concerned by the lack of peer review?

Wait a minute...You mean the network can run programs without knowing what they do?
I don't get it. Can you explain it?

Testing on a LAN should be possible, but there will be so much overhead that it would only work as a proof-of-concept.

One thing that needs to be clarified is how do you force poeple to write using "intelligent programming" rather than "brute force"? I think it is obvious that injecting "choice bits" into the system will be more expensive than spending bitcoin. Brute-force algorithms may even involve fewer "choice bits" than a much faster algorithms. Though, you pointed out, the faster algorithm only has to be written once (unless encrypted).

I have no opinion about the viability of Homomorphic encryption. I expect for many public-interest calculations, keeping them public may be a good thing. For example, climate modeling: Critics would be able to see exactly how much the data was "fudged."

What would the time frame be for full implementation to alpha and are there any precursors or valid test cases that we can implement prior to a full product being available? Is the light version of this idea just as valid or does it need to meet any threshold value between inception and full run?

FF

As long as we are not using quantum computers, data is stored (or its XOR RAID-5 like difference can be calculated from data stored) somewhere, no? If enough data is missing (if enough RAID-5 disks catch on fire) is the entire address space corrupted?



Merkle-tree-pruning, yes. But if some code today addresses data that later 'disappears', doesn't the result of the computation become invalidated (not possible to be validated) at some point in the future?



If every address bit is { 1 | 0 | null }, then like SVN, ZFS, Btrfs, CoW, every bit in time is a cumulative difference of all historical changes from its preceding past, then 'now' is the same as TIME = ( MAX_64_BIT_INT - 1 ). I don't think this will scale at all, but it's theoretically solid.



Some types of verified work, particularly when you wish to keep secrets from the worker, may require cutting edge encryption, but I would think most repetitive tasks can be verified through random reprocessing checks.

Many of BenRayfield's abstractions are beyond me, though fascinating. As far as I am concerned, a truly distributed generic computer(s) is very useful and would work. It would be very nice to be able to store data in the network (unlocked by local private keys) as well as distribute processing and pay only for cycles used. In fact, the user of services, rather than the producer of services, may actually pay.

I would be more than willing to offer my local processing time, storage space, and bandwidth in exchange for credits for future distributed computation, storage, and bandwidth. I don't particularly care if those data and services are within one single MerkleWeb, or one of numerous addressible distributed grid computers. Those credits could either replace bitcoin, give it inherent value, or compliment bitcoin nicely.

The core design of MerkleWeb does not support privacy or encryption, but since its a general computer those things can be layered on top.

http://en.wikipedia.org/wiki/Homomorphic_encryption

The Wikipedia page also says that a proof-of-concept of homomorphic encryption exists.


Do you have a reason to think faster kinds of homomorphic encryption won't be found later?

Also, the binary form of software can be done in such a confusing way that its similar to encryption. That's why its usually impractical to modify a software without having the source-code, especially C code and other low-level languages. Some ways of doing it make it easy to translate the binary to readable form, while obfuscators are more like encryption. Combining that with just a little homomorphic encryption (which is practical speed for lower security levels) may be enough for practical privacy while the bottom layer of MerkleWeb is publicly visible and searchable.

Also, I wrote a few things about "privacy" earlier in this thread.

The idea for MerkleWeb started as a way to have reliable calculations in a global network. Privacy was the afterthought. Its not a core feature and would need to be built as a higher layer, like we can still have privacy on the Internet today while the lower layers of http://en.wikipedia.org/wiki/OSI_model are not secure.

I know the first (and maybe the newest?) version of Bitcoin isn't scalable, but the math design of Bitcoin is scale-free since each computer could do only a small part of the calculations and store only some of the blocks, making sure it all overlaps correctly.

Quote from Bitcoin's design doc http://bitcoin.org/bitcoin.pdf

Those parts of Bitcoin's design doc describe paths of expanding Bitcoin's design so each computer only needs to use a small part of the network. MerkleWeb will be a continuation of those ideas optimized for most calculations being deterministic and a very small fraction of calculations being digitally-signed nondeterministic "choice bits".

I'll have to think about this some more, but so far I'm very confident that MerkleWeb's design ranges from scale-free to the square-root of the efficiency you'd expect, depending on how much reliability you need and how much of the network is run in each computer and what fraction of the computers can be hacked and you still need MerkleWeb to work reliably with the remaining parts, and other things to tune.

When they created http://en.wikipedia.org/wiki/Arpanet it was slower than a dial-up-modem, but its purpose was reliable communications even if much of the communications grid goes down. Since then, the Internet has come under centralized control, has become a hierarchy of servers and mostly client connections, where no 2 normal Internet connections can contact eachother without going through a server computer which are mostly owned by businesses. Regardless of how slow it may be, MerkleWeb would be what Arpanet was supposed to become, a decentralized reliable communication grid that works even in severe battle conditions. In MerkleWeb, if half the Earth is nuked, the other half of the computers would experience a few seconds delay and lose the last few seconds of clicks and button presses but mostly continue without interruption at half speed. In general, but not taken to that extreme, that's what Arpanet was supposed to become.


Most digital technology is designed for use with brute-force computing strategies. MerkleWeb's design sacrifices brute-force speed for unlimited abstraction potential. An analogy: Scheme is to Common Lisp as MerkleWeb is to VMWare. Scheme supports unlimited levels of recursion through http://en.wikipedia.org/wiki/Tail-call_optimization as the normal way to do control-flow, a style that would crash languages like Java with a StackOverflowException. You can run operating systems inside other operating systems inside operating systems... through VMWare, for example, but it gets slower each time. Because of its potential for unlimited NAND level abstraction of the whole network as 1 system, MerkleWeb has the potential to run virtual/emulated systems inside eachother to any depth without losing any speed, like recursive functions don't get slower at deeper recursion levels. It comes down to a choice between brute-force speed and the potential for more intelligent programming. Without using the Internet as a Universal Turing Machine, that potential is not available. Example: Billions of dollars could be used to "rage against the machine" about how the Internet is centrally controlled, or we could offer a much better way to organize it public-domain and free to everyone as MerkleWeb. Which strategy is more effective in that case, brute-force or slower but more intelligent abstractions? Humans can think more abstractly than Monkeys and Tigers and Elephants is why we are the dominant species. We're certainly not the strongest or fastest. So why continue using brute-force strategies in technology?

I find the idea impressive, but I don't think it will actually work. As far as I can tell, the proposal is technically sound, but abstracts away real-world concerns like bandwidth and CPU time. It is like you took Computing Science to its logical conclusion.

I think Scalabilty has the potential to be a real problem for bitcoin. In the example given, a "VISA" level of transaction processing (2000 transactions per second) is expected to have blocks over 1GB in size. I expect this will force many miners on home or even business Internet connections off the network (Colocation with fiber access would be needed instead).

Even with the incredible compression you expect to achieve, I doubt a global turing machine will need less than 2000 transactions per second. This implies a huge amount of bandwidth usage and local storage demands (for saving every fork).

I also don't think confidential processing (such as generating vanity bitcoin addresses) will be possible without Fully Homomorphic encryption. Found out about that concept reading this very forum

Like quantum physics, there is no concept of "local" in MerkleWeb. Each MerkleWeb network acts as 1 computer which many people and other technology can use at the same time.


Yes. Theoretically every bit could come from a different node, or more extreme than that, every bit could be compressed and be the result of some calculation that is spread across many nodes, so the bits don't have to exist directly anywhere in MerkleWeb as long as they can be quickly recalculated in any part of the network.


The rules of any specific MerkleWeb network could be set up to allow deletions. As long as the state of a MerkleWeb is the result of a previous state of that MerkleWeb as defined by the rules encoded into its starting state, it will be a valid MerkleWeb. The rules can be anything since its a general computer. The deletion would become permanent if the network is set up to only store previous state of the last few minutes or years or whatever time range, with SVN-like compression only storing the "choice bits" and partial and overlapping snapshots of the calculations less often.


Yes. Self-Tuning Load Balancing at all levels is a core feature of MerkleWeb.


In the 320 bit version of MerkleWeb, there are up to 2^256 virtual bits and up to 2^63 time rows of them. One way to do it would be to use each public key as a variable name and put its updated values at the current 64 bit time row and the same 256 bit address of the key. The data would always be a 320 bit address pointing at the "latest version of some material". Those 320 bits could extend 319 more bits into the space of "2^256 virtual bits" (allowing new broadcasts each cycle but possibly risking overlap with rare adjacent public keys) or the other direction up 319 more time rows (allowing new broadcasts every 320 cycles). Or some sections of the "2^256 virtual bits" could be allocated for such new material and optionally deallocated later when the sequence of "material" is deleted or moved. There's many ways to do it. Can anyone offer some ideas?


If something runs inside or outside of MerkleWeb does not affect if it can be mapped into the 320 bit address space and used as a part of MerkleWeb.

Example: Bitcoin's existing user accounts (public keys) and history of blocks could be used as a part of MerkleWeb's address space and seamlessly work with existing Bitcoin software and networks. That's because Bitcoin's behaviors are well-defined.

If something is not deterministic, it can only connect through a public-key which is used as the name of its input and output bits, called "choice bits", as it interacts with MerkleWeb. Example: People are often unpredictable, but they still need a way to interact with MerkleWeb.

Its not a problem. MerkleWeb wouldn't be useful if it couldn't interact with our chaotic world.


http://en.wikipedia.org/wiki/Apache_Subversion (SVN) acts like a copy-on-write versioned filesystem but does it much more efficiently by only storing the changes and a little extra information for how to assemble all the changes into whole files again when an old version is requested. MerkleWeb is like SVN for the states of a general computer, while SVN is only for states of files and not the calculations.


The most practical size for MerkleWeb to fit with today's technology is 320 bits because 256 are for the SHA256 algorithm (which is done reasonably fast in normal computers and there is some hardware designed specificly for SHA256) and 64 are for a 64 bit integer (which most programming languages and hardware calculate efficiently). As explained here http://en.wikipedia.org/wiki/SHA-2 is 1 of a few industry standards (each a different bit size and strength) for secure-hashing arbitrary bits.

224 is the smallest bit size which has no known security vulnerabilities. If SHA256 is cracked, it doesn't break MerkleWeb, just makes it have weaker security, since if 2 data that have the same SHA256 hashcode ever meet eachother on the same computer (which has a calculation cost of the square root of the whole calculation cost of the system) then the contradiction would ripple out causing recursive rollbacks until the cause was found and fixed. It could be done more efficiently than the square root of total network cost by making Merkle Trees refer to eachother in the constants section in many overlapping ways, so even if SHA256 is cracked, it would have to crack it from many Continuation states at once, which is an exponentially harder problem. If the security is tuned up that high, at the cost of efficiency, MerkleWeb's data-integrity (not secrecy) would be exponentially more secure than Bitcoin.

If that kind of security is used, it could theoretically be done with a 64+64 (instead of 256+64) bit address space since collisions would have selection-pressure against their continued existence by the extra layer of security, and the first data to be created would usually win and prevent the use of any data whose hashcode collides with it. I don't want to get into that complication yet (leave it for when or if SHA256 is cracked and if we don't upgrade to SHA512 at that time), so I recommend 256+64 bit addresses.


Right. But most people don't want to pay more now and think ahead, so lets go for the 320 bit version and upgrade to "the 1024 bit version" (as I wrote above) later which has an address space big enough to fit an entire 320 bit MerkleWeb in 1 of its constant bit strings.

If "the full 128-bit address space would require more energy than required to boil the oceans", then the full use of a 1024 bit address space would take more energy than a "big bang".

Optional possible use of MerkleWeb on more advanced hardware later: If infinitely manyworlds multiverse theory is true, then Schrodinger's Cat is both alive and dead at the same time, in different branches of reality, and we would have enough computers (on parallel mostly overlapping Earths) to use the full address space. This is supported by empirical observations in quantum experiments where objects big enough to see by the naked eye are in 2 or more places at once. The fact that Humans evolved to understand Newtonian physics does not change the fact that physics only appears to be Newtonian until you use physics with enough accuracy. This is relevant to MerkleWeb because if manyworlds multiverse theory is true, then an infinite number of Earths, each running variations of the same MerkleWeb calculations, will always calculate the same 320 bit address for the same calculation because SHA256 is consistent that way, so if a way to communicate between these parallel mostly overlapping Earths was later found, MerkleWeb would already be designed to take full advantage of an Internet where packets are routed statistically in wave-interference patterns between parallel Earths. I wrote about "wave interference" in MerkleWeb's network routing behaviors being similar to quantum physics. If that theory and manyworlds multiverse theory are both true, and if MerkleWeb is run on a grid of wireless routers (because they transmit light and all light is quantum), then MerkleWeb would literally be a quantum computer. If any of those theories are not true, then MerkleWeb would only change the world with "unity mode" for the whole Internet. Its important that MerkleWeb not depend on any of these unproven theories, just have the potential to use them in more advanced hardware later. I'm a Mad-Scientist, but I'm still a scientist and go about things in a logical way.

When I say MerkleWeb would be a 320 or 1024 bit global computer, I don't mean we have to have hardware at the whole address space. Its mostly for avoiding collisions of hashcodes and future expansion as technology continues advancing at exponential speed. It doesn't cost much to use a bigger address space with the same hardware, but it is very expensive to fix old systems. How much money was spent fixing the 2-digit numbers in year-2000 upgrades?



To everyone...

I could use some help in creating some example uses of MerkleWeb, and the technical details of what makes those examples work, of how MerkleWeb could be used to do each "design pattern" in http://en.wikipedia.org/wiki/Software_design_pattern Those "design patterns" are the most common patterns observed in software designs. If we can explain how MerkleWeb can do these patterns better than existing systems, it will be taken much more seriously.

That doesn't include simple data structures, but we need some examples of that too.

A list is easy. In the constant bit string section, a list could be n bits where n is a multiple of 320, and each group of 320 bits is a pointer to the thing in the list. The list would be at the 320 address of the first bit of the first pointer in the list.

A set is an unordered list. It can be done to allow binary-searches by ordering all pointers in the set as 320 bit unsigned integers. To check if a certain pointer is in the list, do the binary search. To combine 2 sets, do 1 cycle of the mergesort algorithm which is very fast.

A map/hashtable is like a set except 2 times as big. Each entry would be 2 pointers. The first pointer works the same as in the set. The second is the value for that key.

Lists, sets, and maps can contain eachother. Since SHA256 is a SECURE-hash algorithm, there is no direct way to have a map, set, or list that contains itself or has any path back to itself. Its an acyclic network of these programming objects. Example: Java's list, set, and map objects don't allow cycles either since it causes errors in the Object.hashCode() and Object.equals(Object) functions. Java allows you to design lists, sets, and maps that can have cycles of containing themself, but normally its considered an error and can result in an infinite loop when hashCode() or equals(Object) is called. MerkleWeb could allow cycles of objects containing themself by using Public Keys as variables, a list set or map containing the Public Key, and the Public Key later broadcasting a pointer to that list set or map. That doesn't interfere with the secure-hashing so it works.

We could create a JVM on top of MerkleWeb, but it would be very complex. Instead, implementing the Scheme language is closer to what MerkleWeb naturally does. But before integration with other languages, we should create a new language from the bit and NAND level up, using lists, sets, maps, and other simple data-structures and calculations, as a proof-of-concept. Then on top of that, create the examples of how to use MerkleWeb to do http://en.wikipedia.org/wiki/Software_design_pattern

Why help? Bitcoin, at its best so far, was a 100 million dollar economy, created out of nothing, taking value from all dollars and moving that value into bitcoins. 100 million dollars is small compared to the trillions in the total Earth economy. I mean no disrespect to Bitcoin since its a very innovative and useful program, but at its core Bitcoin is a calculator that does plus and minus and a spread out way of creating the numbers based on "proof of work". Bitcoin is a calculator. MerkleWeb will be a computer. MerkleWeb is based on the Bitcoin security model and other similarities, but far more generally useful. If Bitcoin can move 100 million dollars, then MerkleWeb can move trillions of dollars. If you or your business helps develop the MerkleWeb prototypes and/or ideas, or any other way you know to help, then when it gets big your investment will pay off as people know you helped create it and will be very interested to work with you on other big projects. All the MerkleWeb design documents I've written at http://sourceforge.net/projects/merkleweb and here in this thread are public-domain, which means I'm not taking a cut and nobody owns it and everyone has the right to use it, but still its an investment that is likely to indirectly move money toward anyone who helps in a big way, and will improve the world overall. "Unity mode" for the whole Internet, like VMWare did for programs of different operating systems on 1 computer at a time, is a game-changer. Will you help?

I trust you have a grasp on these low-level implementation details, which if possible might as well be magic to me until I can sink my teeth into some tech specs. Now, for higher level concerns:

Suppose someone decides to upload their smut collection into the address space. What incentive does anyone else have to host the data? What means do they have to remove this data locally? Can nodes hold incomplete portions to be recreated by the requester? If every node purged specific data, would the network become invalidated?

Suppose someone uploaded a service. Would its availability be proportional to its popularity? (something like reinforced weighting of paths within a neural network [each node hop adds data to a leaky bucket proxy cache]).

Suppose someone uploaded false slanderous material. Could it be removed, modified? How could we address the 'latest' version of some material? (I assume data does not change in time and space)

Do you have thoughts on purely off-network code execution? Rather than defining an interpreter build up from MerkleAxioms (NAND, 321-bit addresses), a block of data could declare "this is an ambiguous version of javascript" followed by code including predictable public global variables (same address space, sequential time space). As long as some node runs the code locally and writes the outputs, there isn't much to verify. We can argue about whether it is truthy, but it's no longer deterministic as far as MerkleWeb. Would that be a problem? What prevents MerkleWeb from becoming primarily a global public copy-on-write versioned filesystem? Could that swamp the benefits or would it only make the network more robust?

If I recall from ZFS, addressing the full 128-bit address space would require more energy than required to boil the oceans. Does MerkleWeb require vastly more space to minimize random allocation collisions? Furthermore, if you expect the time component to represent cycles (rather than seconds or blocks), perhaps 64-bits is not sufficient? Running a trillion calculations per second is less than a year, or a few hundred years at a billion calcs per second.

Reminds me of something MerkleWeb is partially a continuation of, "An Idea Worth Spreading - The Future Is Networks", and the idea is spreading.
http://emergentbydesign.com/2010/03/16/an-idea-worth-spreading-the-future-is-networks

Social networks of people. Merkle Tree networks of calculations and data storage. Open source networks of software. Mind maps linking ideas together. MerkleWeb could bring it all together in a public-domain unbiased way.

This is an idea worth watching. One can envision many uses for such a system. Great job man!

Speculative evaluation (prediction and rollback if wrong) is needed if cycles run faster than it takes electricity to move from one side of Earth to the other.

I wrote in the first post:

That's how it works if all computers calculate the whole network. Loosening that constraint, and adding more reliability by continuously trying to deceive the network to make sure the network can handle it, we can have each computer only run a small fraction of MerkleWeb's calculations. I later wrote:


So yes the design does allow Denial of Service attacks in some branches, but other branches where such DoS attacks do not happen will also exist and will be much faster so most of the network will continue on those paths. To allow that, I add to the MerkleWeb design: Any state of the system where a DoS attack is possible in the future is an error state, therefore all previous states of a DoS state are errors and must be traced back to an incorrect NAND calculation. This will require that the "driver" of each MerkleWeb be written in a way that does not allow DoS attacks, else that driver will be automatically rolled back and force programmers to write a better driver that does not allow DoS attacks or "deadlocks" (as I originally wrote this strategy for).


In general, the cost of dealing with these things is MerkleWeb will run approximately log(number of bits in MerkleWeb) times slower, the cost of a binary search through Merkle Trees to find which trees are compatible with which other trees using local caches of the chances of such compatibility per Merkle Tree node. It's not exactly a binary search, but the calculation is something like that which compares the compatibility with each Merkle Tree and recurses to subsets of childs sometimes. For example, if there are 10^15 bits (amount of information in a Human brain) in a MerkleWeb network, it would run approximately 50 times slower than the normal way of running programs, since 2^50 is approximately 10^15. That 50x slowdown will be far more than paid for by new kinds of optimizations and the ability to scale up to any number of computers in the same peer to peer network, including grids of GPUs (in graphics cards) and wireless mesh networks and cell phones and other devices. That's the cost of protecting MerkleWeb from DoS attacks and keeping the network state globally consistent.

MerkleWeb is very different from how the Internet works today. Its other protection against DoS attacks, which so far have all been at a certain Internet address or part of the Internet, is that MerkleWeb has no addresses for specific hardware. There is 1 global 320 bit address space that represents CPU registers, memory, hard drive, network storage, packets flowing through routers, and all other patterns of information. There is no way to target a certain part of MerkleWeb with a DoS attack. Only the content on MerkleWeb can be targeted, and it's all spread across the Earth.