Topic: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? - page 40. (Read 95279 times)

A single double-spend by someone investing in a majority of the control of the coin doesn't make much economic sense.

Against Dash and Satoshi's design (e.g. Bitcoin) that can theoretically be executed with a much less costly Finney attack (where the attacker wins a block but doesn't announce it right away and first announces his double-spend, which is even more likely in Dash's InstantX because the confirmation is instant making it much more feasible to fool the unwary merchant who was assured that InstantX is instantly confirmed so not to wait for chain confirmations), so no need to invest such massive resources. And there are other less costly attacks specifically on Dash that monsterer alluded to and I will be following up on in future posts.

So our crypto threat model for taking total control of the chain isn't really a single double-spend but rather:

• Ongoing double-spend or other mischief (e.g. dropping transactions by orphaning chains) to crash the price of the coin. This applies more to an altcoin that hasn't graduated to widespread adoption.
• Having the longest chain meaning they can blacklist any block announcement or transaction they want to, or even change the protocol entirely in subtle ways that the masses won't object to. This applies to a coin that has widespread adoption and geopolitical-economics implications.

Personally I am most concerned about state regulated pools and miners being able to blacklist transactions that don't carry KYC identification number on them, as dictated by some future NWO (or G20 cooperation recently announced) authority that has the power to take control of more than 49% of the hash rate ongoing. That is why even the excessive ongoing cost of such is not sufficient of an argument to me of security, because the State profits from being able to maintain their power of taxation and other monopolistic powers for those fascist corporations that effectively control (leech on) the State. Personally I think it is assured that is where Bitcoin is headed over time, because it is the most natural outcome.

So although the asymptotic math implication is astute and aids the conceptualization of a model, that is why I am not fully satisfied only with monsterer's distinction being that the cost is sublinear versus constant for PoS. And I was never satisfied with the standard retort from Bitcoin supporters that the people will move away from any ubiquitous coin which is being so abused, because the fact is the masses don't care. Once a crypto coin becomes ubiquitous we are stuck with that technology because the masses won't change their electronic unit-of-account and unit-of-exchange again. As long as the masses don't feel they are inconvenienced or troubled, they won't rise up to kill off such an insidious 49% attack that only blacklists those who don't comply with KYC. Instead for Bitcoin (perhaps with Lightning Networks for microtransactions) everyone will comply with KYC, not be blacklisted, and there will be no problem except for excessive taxation and global top-down command economy collapsing into a Dark Age that chokes off the Knowledge Age. For example, we can look forward to the EU, Obama, Putin, and China dictating to us what sorts of businesses we can't create, the net neutrality means we all pay through our nose an internet tax, and that we can't use encryption, etc.. Basically if we don't have permissionless commerce then the State can destroy humanity. That is way socialism dies. I'd prefer a permissionless release value so that the Knowledge Age can flourish and humanity can be free to conduct commerce without oppression of the Corporate-State-Fascism-Technocracy that we are sliding into now.

Note I have become more convinced that for technical and inertia reasons, Bitcoin can't scale even with Lightning Networks (because LN requires block chain scaling also for the worst case garbage collection surges and more importantly because LN isn't an end-to-end principled solution so it isn't always available and opaque to the ends thus it can't scale to spontaneous payments between 100s of millions of users). That isn't a 100% given, just my appraisal at the moment which is subject to adaptation. Thus I worry less about that NWO outcome coming from Bitcoin and instead worry more about the failure of Bitcoin and the implications thereof. But I think it is impossible the free market of hackers won't rise up with a solution. And I am one of them who is trying.

So that is one of the main reasons I have invented this new design, in addition to addressing the block chain scaling issue and the 1 second microtransaction instant confirmations issue (which is necessary to serve the viral growth I am planning for my marketing strategy). It all fits together. But executing this is a major undertaking and challenge for one past-middle-age man in a room in the Philippines (who also happens to have some sort of strange inflammation illness that mimics autoimmune disease such as Multiple Sclerosis, neuropathy, or something akin to that).

Edit: I explained to monsterer upthread, how I claimed to have reduced the electricity for PoW chain to an insignificant amount, thus correcting another long-standing issue with Satoshi's design.

If these claims sound like magic, then great. I prefer it to stay that way until I have already something launched. I have already revealed enough information that someone very determined could prove that my design is legit and implement it on their own. But that someone would need to be quite skilled. I am not spelling it all out in a coherent single paper at this time, because I am trying to keep potential copycats blinded for now. I have carefully phrased these discussions so that someone of monsterer's caliber can hopefully get the gist of it. I think it is important to at least verify that he wasn't able to shoot it down immediately due to some simple flaw. He needs a more comprehensive description to fully develop his analysis though. I am under no obligation to reveal details now, because I haven't launched nor sold anything to this forum (nor to the public any where yet). I am revealing some details now.

Thanks for spelling it out for me guys. I still don't get one thing, why would the double spender need to prevent anyone else from winning a block forever?

Can't he just publish the series of blocks containing the double spend and stop mining as the honest miners will start mining on top of his last block? And when he wants to attack again start mining only then.

Marketing can't be vague:

Just as in the case that asymptotic computational complexity models don't guarantee that there aren't real world scenarios that deviate from the asymptotic case, the same applies in this case.

You can paint scenarios where it seems PoS and PoW both have risks. But the point of the asymptotic analysis is that at the extreme, mathematically PoS can't be persmissionless but in theory PoW could be if you can find a way to squelch the power of the longest chain to blacklist the minority. Even if you can't squelch that longest chain power, it remains true that theoretically the attacker of the PoW chain must continue attacking forever at unbounded cost of electricity (and updated hardware), else eventually the control returns to the honest minority.

Squelching the power to blacklist in the short-term appears to maybe be a form of anti-aliasing. I need to better conceptualize and explain this.

That's actually quite an elegant description. It says that if I own all the stake in a POS coin, I control it forever, no one else can mine a block for the rest of its existence. In POW you can't own all the hashes in the world forever (unless you have infinite electricity) because every hash has a cost, so your monopoly is only temporary.

People will argue that owning all the stake in the world is unrealistic, but in actual fact your level of control is directly proportional to your stake, so you can start causing problems much sooner and potentially cost free if you are shorting the coin.

Illodin please read my prior post where I point out the attacker can short the coin to leverage as an advantage the decline in the value of the coins.

monsterer is making a mathematical point. His point is actually tied to my point that the entropy is unbounded for PoW. In PoW, there is an unbounded cost to preventing anyone else from winning a block announcement forever. In PoS, there is a bounded cost. The shape of the curve that monsterer mentions never levels off asymptotically.

And that is why PoS can't be asymptotically permissionless, but in theory PoW can be. But Satoshi's design was not in the sense that the 49+% attacker could take control of the longest chain and blacklist the minority and potentially use this leverage the same as an attack on PoS could. Yet monsterer's point remains valid even for Satoshi's design in that the cost of sustaining the attack for PoW is an ongoing consumption of a resource, and for PoS it is only the initial cost of buying the stake which could be completely recovered already by shorting the coin.

smooth there is your proof that there is a categorical distinction in the security. QED.


Lol. I am the guy who has two flat tires and no time to get them replaced. I been intending since September to refill the Gasol for cooking, but instead the girls have to use an electric burner (@ $80 per month!) because I had no time to drive 1 km over to the Gasol station. Yeah common sense doesn't seem to apply to a chicken running around with his head cut off. I'll post a pic my gf snapped of me working so you can see what I mean. I laughed.

Note all my supplements lined up on my desk. Note the lack of a shower since early October.

I'm not sure what you're asking any more and I don't have time to keep trying to get the point across. If you're interested, please read up on the maths and other issues in more detail.


Have you considered getting a laptop? Get one with a high enough res screen that during normal operation you can plug it into a monitor, then when your power goes out you can continue to work on the built in screen.

monsterer was correct yesterday about other weaknesses in Dash. And I need to explain why my design doesn't have those same weaknesses. Guys plz wait I am catching up on messages. I will be back to explain soon...

Similar in being able to double spend only a short while until people notice what's up and dump their coins and/or stop accepting them as a payment. Does the superlinearity effect get to matter enough to offset the fact that if you crash the currency your masternode coins are now worth zero but you could still sell the mining facilities and hardware and recoup some of the cost?

Not at all similar. Outpacing the chain in POW is super linear in the number of blocks, that means the more blocks you need to produce, the higher the cost to you and this relationship is a curve which curves upwards towards 'very high cost'.

Once you own some masternodes, the cost is zero for the attacker.

I am bringing a conversation about block chain consensus over from the wrong thread to this one which is more applicable to recent discussion of my design, Dash's, etc..

I can see there was no way for me to respond without being forced to do the work that I was trying to delay since it isn't the highest priority for me.

We had our 2 hour daily brownout so I wasn't able to complete my thoughts. I was actually editing the prior post when the brownout hit. I haven't had time to get a battery backup set up (the high quality charger and inverter can't even be purchased here and was on order from the USA since July but another thing on my TODO list that this chicken running around with his head cut off can't keep up...because my waking hours are finite).

jl777 (and others, actually jl777 didn't start the thread I am referring to) had made the argument (many moons ago, not necessarily reflecting his opinion now as all of us are continually learning) that someone who purchased stake to game theory control a proof-of-stake coin would not have an incentive to do so because they wouldn't be able to extract their stake fast enough on the exchanges if they did something harmful to the coin that negatively impacted its market value. I pointed out (some months after that thread had died) that logic doesn't hold true if it is possible to short the coin. The profit can be attained external to the coin itself, i.e. another example of unbounded entropy of life (Second Law of Thermodynamics). I am thinking the reason this relates to my attempt at a conceptual proof of P ≠ NP (and also to my point today to smooth about why Zerocash anonymity is paradigmatically distinct from IP obfuscation), is because it is yet another example of where unbounded entropy can't be made into a barrier (other than Coasian barriers which fail in waterfall collapse).

Many want to argue against PoS making the point about nothing-at-stake (the ability to apply your stake to multiple chain candidates simultaneously because no external resources are consumed by applying stake unlike PoW where electricity is consumed and each hash computed is unique to that chain). But I don't view nothing-at-stake as the fundamental issue. The fundamental issue is that the entropy of stake is bounded. Thus if you own sufficient stake you can control every single outcome of the mining. No matter how you jumble it to make it more difficult it remains the fact that finite entropy can be known a priori and thus controlled. This is the point I (as AnonyMint) made to the author of Decrits back in 2013 on bitcointalk.org. Whereas with PoW, even if an entity controls 99.999% of the hash power, no one can win every block announcement unless they have 100% of the hash power. Now with Satoshi's design that fact didn't help security once the adversary had 49+% of the system hash power because the adversary could always form a longer chain that blacklisted the block announcements of the minority. But in my reformulation of PoW, I claim that (in theory) even a 99% adversary can't monopolize and destroy the permissionless quality of the consensus.


One might argue that if it ends up being a comparison between controlling 100% of the stake versus 100% of the PoW, there is no distinction. The distinction remains that the stake is finite and bounded by the money supply (even if it is increasing, we know what it is a priori), thus one can know (even if the calculation is very jumbled and obfuscated) when they've acquired sufficient stake to control the outcome of mining (and thus double-spends, force their changed protocol on the minority for complex reasons, etc). Whereas, PoW is always unbounded. On any block announcement, no one can't predict a priori how much PoW resources will be applied to solving it. And this is only possible because PoW is an unbounded, consumed resource and PoS is a bounded, unconsumed resource. I am currently developing an abstract conceptualization that this is very much analogous to the dichotomy (duality perhaps) of categories that I believe can maybe be employed to prove P ≠ NP.

What this categorical theory tells us is that PoS can't be permissionless and PoW can be. Up until recently, apparently no one had figured out how to make PoW permissionless against a 49 - 99% adversary. I claim to have solved that. Yes there are tradeoffs as guaranteed by the CAP theorem.

PoS is a private club of trust and reputation. It is not a mathematically trustless paradigm we can use to make a decentralized paradigm for the internet.

Not equal, but similar enough. You can double spend for a while until no one trusts the currency or low confirmation numbers anymore.

No.


Ok, so I'll make this easy to understand. Say I buy up enough bitcoin mining hardware to actually stand a chance at creating a double spend and I spend an equal amount of money acquiring masternodes. Is this situation equal from the attackers perspective?

The answer is no. Because I still have to use my bitcoin miners to outpace the rest of the entire network in order to build the longest POW chain. My masternodes have no such trouble, for them, creating a quorum is completely free of cost, therefore so is the attack.

Before I do that (please consider I'm not a crypto developer, just a random user with cursory knowledge compared to you guys), could you even give a hint does it involve having 50% of the mining power as well?



I don't think I claimed it did. Anyone (with enough resources) could buy up all Bitcoin miners and do what ever he wants with them. Should I dump all my BTC asap?

Regarding shorting, to be able to short there needs to be actual coins on an exchange so they can be sold in the first place. Most coins are in the masternodes, a lot are in hot/cold storage controlled by random holders/users, and a tiny percentage is in the exchanges, and even tinier percentage of those are being offered for shorting. Hard to make profit shorting considering the amount of masternodes you'd have to own. Of course the possibility to do so is there, but it's not as simple as it's being made out to be.

Read the thread and find out.


Yes, this is the common rhetoric we hear from POS stake disciples as well. Despite the fact that you can short coins on exchanges these days, this argument does nothing to dissuade the irrational attacker.

When an InstantX lock is achieved (takes a couple of seconds usually) and broadcasted (and the merchant will see in his wallet the tx got IX comfirmation), how do you propose to reverse that?



If you own a majority of masternodes why would you do something that undermines your wealth? The 1000 coin collateral is there for a reason and that is to have an incentive for the nodes to act in the best interest of the network.

They might well be recorded in the blockchain, but what use is that to a merchant who accepted the deposit (at 0 confirms) and took irreversible action when the transaction was confirmed?


Rather like accepting a transaction at 0 confirmations... except it gives merchants a false sense of greater security which is actually really bad in general.

That is not how it works. Masternodes would lock outputs based on a signed request. No other masternodes would (unless hostile) approve a conflicting lock. There doesn't seem to be any real mechanism for enforcement other than assuming masternodes play nice. (There is no risk to collateral for example.)

In the event that masternodes do create a conflicting locks, then PoW blocks will resolve the conflict. I don't really understand how a merchant is supposed to rely on this, since a conflicting lock can be discovered after the merchant has accepted the supposedly "confirmed by IX" payment.

I guess it is intended for low value casual payments like buying coffee. No exchanges accept it afaik.

Afaik InstantX and Evolution are different designs. InstantX was where you presigned (on the block chain) your UTXO to a masternode so you can spend it instantly in the future with that masternode as the designated confirmer.

Evolution is where all UTXO are eligible to be instant signed by the quorum that applies to your UTXO. The quorum changes periodically (every N blocks) based on hashes from ancient history of the block chain.

My understanding is these instant confirmations are still recorded in the block chain and if they are a double-spends, they are not recorded in the block chain. That is why the block chain size scaling issue (that is causing scaling problems already for Bitcoin) is not addressed by Evolution. Evolution is not a high volume microtransaction platform even if it didn't have the other flaws I enumerated.

Since you can only spend on one quorum (or for instant x, then one designed masternode), then it is normally impossible to double-spend.

The double-spend risks comes from the holes in their design that I enumerated in my prior post(s).

The whole point of instant X is that it lets you accept 0 confirmation transactions, so by the time a block has been generated by a miner, this attack has been pulled off already. If you need to wait for a block, you might as well scrap it and just use plain POW?