Topic: More Bitshares Greed - page 4. (Read 12233 times)

Any block chain has the problem that a few big players can collude, whether they are large stakeholders or large hashpoolers.  We dilute that down to under one percent influence per delegate, max.

Then there's the question of what they can collude about.  We can all observe whether they are performing their very limited block signing job to spec or not. We can look at their published price feeds. They have no other power.

I think I could make a pretty good argument that delegates' "real world" identities being known by the community doesn't really matter or prevent a "Sybil attack".  Imo, what would constitute a "Sybil attack" is the collusion of delegates' motives.  I'm also pretty positive that the colluding delegates wouldn't "harm" the Bitshares' ecosystem, but instead use their power to manipulate delegate elections to capitalize on the delegate positions.  Everybody can know everyones' name, but it's impossible to know their true intentions.

Agreed.

So lets define it. I stopped by Wikipedia and snagged this:


BitShares delegates are known to the community and produce services or products of value.  They work with others in the community who know them.  They publish original thinking where it can be reviewed under their own name.  They reveal their own public identities.  


There is nothing cheap about earning the trust of the BitShares community.  Even the number one delegate, Toast, took many days to get voted in.

Thus, over time, the reputations of the Top 101 will become uncounterfeitable.  Before long, most slots will be held by small businesses who have established business level reputations.

Not that we trust opaque businesses any further than we can drop kick one of their executives, but the role of a delegate is so extremely limited and transparent that it is not possible to deviate from proper behavior without detection.  There is no dark place where a delegate can hide bad behavior.  Yet we can hold them accountable because of the size of their footprint in the real world.  Reputations are anchored to real world footprints.

You cannot hold an anonymous sock puppet accountable.  You cannot fire one that is easy to recreate.  But you can fire one that took a long time to create and fight its way into the top 101.

And that makes all the difference.  

They actually warn about colluding delegates on their wiki.  The problem is... How do you know who is colluding?  Do you really think that they are going to stand up and admit it?

It's really hilarious that you imply that NXT is susceptible to Sybil attacks when with NXT you actually have to purchase the currency to stake but with Bitshares you just have to be voted in.  If an individual in NXT does own multiple accounts and forges with them, that's not a "Sybil attack".  If they own the NXT, they have the right to divide it up into as many accounts as they want and forge with it.  Purchasing NXT validates their stakepower.  I don't even have to own Bitshares to obtain a delegate position.  Your father, Stan, even acknowledges that it is acceptable for an individual to occupy multiple delegate positions.  If that's not a "Sybil attack", I don't know what is.

It doesn't matter if you collect delegates' SSNs, driver's licenses, birth certificates and thumbprints, Bitshares' DPoS mechanism will always be susceptible to manipulation.  You have introduced a "social construct" (aka voting) which turns Bitshares' delegates into a "government of the wealthy".  No one will ever know what type of "behind-the-scenes" politics is going on which results in which delegates are selected.

Because you have instituted this ridiculous charade into chain security, all your figures on "decentralization" and "speed of decentralization" are speculative and assume that all 101 delegates are unique, non-colluding individuals.  The fact is all these delegates are not going to compete against each other for a position.  Who will become a delegate and control the delegate selection process are the wealthiest stakeholders.  This will be accomplished in a quid pro quo manner.  This means that really Bitshares is less decentralized than NXT because they will be able to form political/business coalitions which imo will result in them dominating the delegate selection process.  The wealthiest stakeholders in Bitshares can do this very easily because it is an "Approval Voting" process.  This allows stakeholders to put the entire weight of their stake behind each and every delegate they approve. The Bitshares' devs will deny this to the very end because they are part of this "ruling elite".

101 is just a point of comparison with BitShares.   As I have discussed on my blog:

1) We assume that free market competition drives margins toward 0
2) We assume that to avoid subsidizing by stakeholders, transaction fees equal cost of block production
3) We assume that the market will drive transaction fees as low as possible via competition among chains
4) We assume that for a given number of transactions, the fewer block producers that must share the fees, the lower the fees may be.
5) We assume that no sustainable system should depend upon actors operating at a loss.
6) We assume marginal utility decreases for each additional block producer
7) We conclude there exists a number where fees / # producers == marginal utility of an additional producer.
We conclude that the lowest fees will be a system with one block producer
9) We conclude that no system will profitably operate significantly outside the same # producers
10) When measured on a log2 scale we submit that all systems will converge on statistically the same amount of decentralization *OR* fail their users.
11) When all systems converge on the same number of nodes, we submit that delegated voting creates a more TRUSTED and FLEXIBLE set.
12) We project that 101 nodes is greater than the # the market will naturally converge upon as being a sufficient between robustness and cost.

If you really want to increase the effective decentralization then you must double the fees for each additional level of decentralization when measured on log2 scale.  Given two chains with equal features, it would require a hell of a network effect to sustain 2x fees.  

101 is indeed an arbitrary number.   We could have chosen 51 or 151.  101 was chosen simply by an argument about diminishing returns.  Going from 1 to 2 signers doubles the redundancy.  Going from 100 to 101 increases the redundancy by less than 1%.  

The important thing to recognize is that the axis being analyzed here was how much redundancy, not how much decentralization.  We felt that dispersing the processing uniformly among 101 nodes would mean the loss of any one node would impact the system performance by less than 1% until it could heal by dynamic reconfiguration to insert a "hot spare" standby node.  Adding more nodes increases costs linearly, while improving performance robustness negligibly.

Decentralization of control in BitShares is a completely different design axis.  Every shareholder gets to choose which 101 of the available nodes they want to perform this fault tolerant processing function.  They are free to vote for their own processor or any other processors they feel will suit their interests.  If they do pick their own, and enough of their peers agree, their node will be used.

So, in BitShares, all nodes participate in building a consensus about what is the most trustworthy cost-effective fault tolerant configuration of available processors to run the system.  All stakeholders participate in this consensus according to the amount of stake they have at stake, so to speak.


Once you realize how the BitShares architecture has partitioned the design problem, it suddenly makes complete sense.

(At least to those who want to use and own the system.)

If there are enough of those people, that's all that matters.

Why? Financial incentive is much lower in leased forging.

Are you saying that less than 101 entities is bad (easier for the network to be compromised), and more than 101 is not possible in the long run?
101 seems arbitrary to me, if noone would say otherwise, you try to make 101 look like the magical number where all is fine and decentralized.

Thanks for this reference.  Indeed it concludes that the ultimate consensus mechanism lies outside Bitcoin and yet Bitcoin still works!  It is this realization that allows practical designs to be achieved that accomplish the true objective of  "sufficiently trustless" systems that are immune from the abuses of opaque central control. I particularly liked the exquisitely pragmatic concluding paragraph:


This is the ultimate point we have been making.  It is possible to design systems that work well enough without achieving a theoretically pure solution.  We chose to simply explicitly manage where residual trust is being placed.

This is why engineer's always achieve what mathematician's cannot.  Mathematicians are stopped from reaching their goals by asymptotes.  Engineers know how to get close enough for practical purposes.  

Speed of decentralization is an interesting parameter. I can't comprehend its physical meaning yet, need to think more of this.



I see that you chose 101 because it's 50 + 51. To be able to decide which group to join if the network splits...

Well, I don't get why you think that at least one group will include at least 51 delegates, what if we get 34 + 34 + 33?

Also, take a look at this (from http://research.microsoft.com/en-us/um/people/lamport/pubs/byz.pdf):
If BitShares can be modelled in terms of Byzantine generals problem then 51 is an overkill (because even 1 would be enough) or 51 is not enough (you need at least 67). Or maybe you see a 3rd option?

Whisper would work great for this.

Thank you.



I noticed this too. People often confuse "decentralized" and "distributed" and sometimes they set the threshold for "this is decentralized" too high.



It's hard to do something immediately in a decentralized system. It's like trying to fly faster than light.



This part is not clear to me:

How the system of nodes can do it in a coordinated manner if the only reliable comunication channel is controlled by the delegates (and some of them are rogue ones)? A very similar problem is explained here - http://www.links.org/files/decentralised-currencies.pdf (second half of part 3).

It's great to see you here, and I appreciate the civil tone of your comments!
(Its like a breath of fresh air.)

I have notified Bytemaster that you have made some serious comments on his article and I am sure that he will study them closely, and if necessary correct the referenced article.  We certainly don't want to misrepresent anything about the product of anyone else's blood, sweat, and tears!

I assure you that no attack on NXT is intended beyond an attempt to respond to others here who requested a concrete example.  We are in no way suggesting that NXT is not a viable product with a bright future.

There's a lot of discussion in these threads and the wavefront keeps bouncing around between three of them:
https://bitcointalk.org/index.php?topic=920621.0;all (now apparently locked)
https://bitcointalk.org/index.php?topic=916696.40
https://bitcointalk.org/index.php?topic=913075.0;all (this thread)

So I don't expect you to have come across the context or motives behind the subject article.

I think we have adequately dealt with the more reckless postings in these threads, but there is an interesting recurring debate (when you remove all the clutter) about the meaning of the word "decentralized".  Apparently one opinion is that the connotations of the word in this industry have moved it away from its dictionary denotations and that further evolution of its meaning in response to ongoing technological innovations should be resisted.

Our point has been that there are multiple valid ways to move control away from the center and that having all stakeholders select from a high-quality set of candidate block signers based on their established reputations has some design advantages over randomly selecting signers from a much larger group of candidates with unknown reputations. (At least for some systems with certain additional design objectives and target applications.)  Signing authority is uniformly distributed among the 101 most respected members of the community without regard to the size of their stakes.  This can change every 10 seconds and everybody has a chance to participate based on merit, not chance.  Signers have strictly limited power.  They can either faithfully do their job or be detected and immediately fired.

The key is recognizing that there are multiple design degrees of freedom we can play with.  We need enough scalable signing nodes to be fault tolerant and a decentralized way to select them.  Both NXT and BitShares accomplish this objective in different, valid ways.  Whether each stakeholder does the routine and transparent signing work on their own computer or on a computer from someone with a vetted reputation they are still selecting which computer they want to have do it.  I know I'd certainly rather pick somebody I trust to do the signing than take responsibility for that technical specialty myself!

All "trustless" systems allocate residual trust somewhere, usually by default.  We have made it explicit.  Making it explicit in turn gives us a unique by-product asset - trustworthy nodes selected by all stakeholders.  Our designs then leverage these assets to assign them other functions that benefit from established trustworthy reputations, where any breach of trust can be detected and instantly removed by all stakeholders as well.

A recent article I wrote with Bytemaster attempts to clarify this distinction by clearly highlighting the roles of decentralization, scalability, and fault tolerance in designing robust, profitible, and incorruptible systems.  We would value you feedback on it.

He means Vitalik allows comments where claims can be questioned and discussed. Choose any of Vitaliks blogposts.

Please share the links with us.

unbelievably biased comparison!

i like how the way ethereum does this sort of things, much more mature and professional.

Nobody has claimed this. Any claims have centred around "Bitshares can't be called decentralized". These are two different things.

Today I saw http://bytemaster.bitshares.org/article/2015/01/13/Decentralization-of-Nxt-vs-BitShares/ and became interested by the title enough to spend some time on reading. The article is related to http://bytemaster.bitshares.org/article/2015/01/07/The-Most-Decentralized-Proof-of-Stake-System/ and the both analyze the same phenomenon (decentralization), so I will treat them as a single article.

I'd like to comment some things mentioned in the articles.



I believe "people" means "accounts", we don't know how many people behind these accounts. There can be only 4 of them, or 400 (yes, one of the accounts can be controlled by a company which has its own hierarchy).



I see a reference to the 101 delegates. I'd like to point that 101 is not a big number, someone could successfully control 10 such delegates or 20 delegates could collude. I can safely bet that the 101 delegates distribution follows Pareto's Principle that states that "80 delegates are controlled by 20 entities" (numbers may vary). The point of "101 is not a big number" is that order of magnitude of this number (let's write it as 99 + 2) is roughly the same as deviation caused by external factors. When a measured value has the same order of magnitude as errors of measurement scientists trash such measurements. The comparison of number of forgers and number of delegates in a 720-block window doesn't make sense to me because of this very reason.



It's a long story why we have 2-minute blocks now, it doesn't influence distribution of forgers among forged blocks though and should be discarded.



A number would be much better. One could argue that it's not "far more" but rather "a little bit more".



This is an incorrect statement. Block generation and block confirmation are different things. All nodes confirm every single block indirectly by agreeing to propagate it over the network. All merchants confirm every single block indirectly by accepting money sent to them recently. All users confirm every single block indirectly by including the reference to a block generated 20 minutes back in their transactions.



I see a violation of CAP theorem there (if BitShares are decentralized). How do you know that a blockchain generated by remaining 50 delegates is legit while a blockchain generated by other 50 delegates is not?



You have the right to define decentralization in such the way, but practical usefulness of this definition is quite low. It assumes that all individuals are equal in their power and their intentions to save the current state of things. One person who is able to protect blockchain against a reorg is more valuable than 100 others who are unable to do it.



No, we will not. Imagine that one of the nodes is a computer controlled by 1000 people (a company). In Nxt users without computers take part in the consensus too, via Economic Clustering (though it's almost not used now).



It's true only for a system with a bad architecture. O(N) should be replaced by O(log N). I'm almost sure that Bitcoin, BitShares and Nxt networks are all follow O(log N) because nodes send packets to a fixed number of peers.



Why? If usage of a cryptocurrency network generates extra profit itself then fees can be as small as it's enough for fighting spam. Hashcash could be used to remove fees completely.



These systems can claim nothing. Only some of their users can.


I skipped the rest of the article because there are already so much disagreements that the rest of the math from the article is worthless.


PS: It would be great to see comments on comments...