Topic: Obyte: Totally new consensus algorithm + private untraceable payments - page 1071. (Read 1234271 times)

How can you "nulling the top 2-5% of BTC wallets"? If you do so, people can easily split BTCs into different wallets and make the requests, you won't be able to achieve your goal at all.

Then there will be a high probability that the system can't find 11 matching, if you give the right to everyone to edit his list freely. A better way is possibly the byteball website provide a list of say, 20 witness, that everyone can randomly pick 12 out of it. If you let people to choose randomly, then I can see it will be easily mismatch and your 11/12 rule may not work.

It's not really unfair? like provable math wise or you mean just average people common sense wise? sometimes you have to see through the eyes of the average person who will reason without doubt that rewarding those that are already super rich with the lions share is not fair at all.

If you wish to start a poll on the main board discussing it and sampling opinion then go ahead. I am certain you will not find many in the alt section will share your views. Since your main initial market will be the altcoin traders then this is the market that is important to you.

This has been discussed MANY time before in the alt main board and the vast majority are very much against new coins being distributed like this.

Without nulling the top 2-5% of BTC wallets you can ensure this will have the "unfair" tag attached to it in the future. It is a major criticism which has been voiced in this thread a great many times already. Why not eliminate this criticism or reduce it and not have to beg the big icos and exchanges to do the right thing. The random snapshots will stop them breaking down their wallets to smaller amounts.

The only thing here is the dev can not be accused of gaming it for his gain especially since unless he is a btc super whale or has agreements with those that control a substantial amount of BTC then he could end up having less than any whales that decide to claim or any exchange that does not play ball. Not sure either of those things is a great scenario. The worst aspect for him really is having other large ICO funds dumping BB on the exchanges to fund rival projects. I mean jl777 saying he will not pocket the money but rather fund komodo with it is fair enough what else could he do other than not claim (if he even said this anyway) but how is that good for BB?

It's not really unfair? like provable math wise or you mean just average people common sense wise? sometimes you have to see through the eyes of the average person who will reason without doubt that rewarding those that are already super rich with the lions share is not fair at all.

If you wish to start a poll on the main board discussing it and sampling opinion then go ahead. I am certain you will not find many in the alt section will share your views. Since your main initial market will be the altcoin traders then this is the market that is important to you.

This has been discussed MANY time before in the alt main board and the vast majority are very much against new coins being distributed like this.

Without nulling the top 2-5% of BTC wallets you can ensure this will have the "unfair" tag attached to it in the future. It is a major criticism which has been voiced in this thread a great many times already. Why not eliminate this criticism or reduce it and not have to beg the big icos and exchanges to do the right thing. The random snapshots will stop them breaking down their wallets to smaller amounts.

The only thing here is the dev can not be accused of gaming it for his gain especially since unless he is a btc super whale or has agreements with those that control a substantial amount of BTC then he could end up having less than any whales that decide to claim or any exchange that does not play ball. Not sure either of those things is a great scenario. The worst aspect for him really is having other large ICO funds dumping BB on the exchanges to fund rival projects. I mean jl777 saying he will not pocket the money but rather fund komodo with it is fair enough what else could he do other than not claim (if he even said this anyway) but how is that good for BB?

If you can't find such parent, you can't send any transaction.  But remember, although it is the default behavior to choose parents among the most recent childless units, you don't have to behave this way, you can also choose an older parent if it is compatible with your witness list.

You edit your witness list in your wallet.  Obviously, having full control also means being able to hurt yourself (not fatally, though).

It's not really unfair? like provable math wise or you mean just average people common sense wise? sometimes you have to see through the eyes of the average person who will reason without doubt that rewarding those that are already super rich with the lions share is not fair at all.

If you wish to start a poll on the main board discussing it and sampling opinion then go ahead. I am certain you will not find many in the alt section will share your views. Since your main initial market will be the altcoin traders then this is the market that is important to you.

This has been discussed MANY time before in the alt main board and the vast majority are very much against new coins being distributed like this.

Without nulling the top 2-5% of BTC wallets you can ensure this will have the "unfair" tag attached to it in the future. It is a major criticism which has been voiced in this thread a great many times already. Why not eliminate this criticism or reduce it and not have to beg the big icos and exchanges to do the right thing. The random snapshots will stop them breaking down their wallets to smaller amounts.

The only thing here is the dev can not be accused of gaming it for his gain especially since unless he is a btc super whale or has agreements with those that control a substantial amount of BTC then he could end up having less than any whales that decide to claim or any exchange that does not play ball. Not sure either of those things is a great scenario. The worst aspect for him really is having other large ICO funds dumping BB on the exchanges to fund rival projects. I mean jl777 saying he will not pocket the money but rather fund komodo with it is fair enough what else could he do other than not claim (if he even said this anyway) but how is that good for BB?

Okay so you are telling me that the current witnesses on the branch I am trying to create have to agree with 11 of 12 with my list of witnesses when they sign units on my branch? So this means the entire system has to agree on the same 12 witnesses for all main chains for the entire system?

If that is your design, then yes you can prevent my attack but at the cost of having 12 very entrenched witnesses which can never be migrated away from because political action never reaches 92% agreement.

So why not just use 12 federated servers and name this Visa, Mastercard, or Paypal instead? No need for the facade of a DAG nor to claim/insinuate by association to our Satoshi ecosystem that it is decentralized. Distributed is not same as decentralized.

Again, seems like you are assuming you can convince somebody with the number of your Sybil units.  And not just somebody -- the acting witnesses.  The acting witnesses, and other users likewise, are not going to change their own witness lists to stay compatible with your Sybil units.  Your Sybil units will be accepted into the DAG, but, being incompatible, they are not going to be selected as best parent, hence they have no chance to appear on the MC, hence none of them can ever become last ball (which necessarily lies on MC).

Byteball is a DAG of vertices named “units”, each which reference parent ancestor units. Units are either transaction events or delegate witness events. The DAG is effectively a variant of Transactions as Proof-of-Stake (TaPoS) as explained in section “2. Database structure” on page 5 of the Byteball whitepaper— a variant which doesn't require synchrony on additions to the database as explained in the same section on page 4. Each transaction event unit lists a set of 12 delegate witnesses which are the authority for selecting the “best parent” total order “main chain” from amongst all possible partial order chains in the parent DAG history of the said unit. W.r.t. to finality of transaction events, this set is only allowed to change by 1 delegate until a majority of the said 12 delegates have witnessed the main chain of the descendent children of the said unit. Finality of consensus is analogous to the end of an epoch and beginning of the next one. Byteball has either a security vulnerability that renders finality impossible or risks finality becoming stuck requiring a hardfork to rectify (and unlike DPoS there can't be an election to replace delegates).

Byteball doesn't employ proof-of-work to select the set of delegate witnesses nor to form a longest chain of consensus, because witness units are supposed to provide finality (but note the alleged vulnerability). Similar to Satoshi's proof-of-work, transaction fees are employed to prevent spamming and a portion is paid to delegate witnesses (and perhaps the payer portion is effectively burned as it is passed along?). These fees are not allowed to vary per some competing service providers in a free market; and instead per section “1. Introduction: Exchange rate” on page 3 are tied to the system wide exchange value of adding bytes to the database. Byteball has the incorrect monetary theory, because the confidence in and thus the value of money is greater the higher the senioriage[Armstrong]. This fixed fee design makes it uneconomic to issue some transaction events when the exchange price (and thus market capitalization) is too high or inadequate spam resistance when the exchange price is too low.

Additionally, it is unlikely that Byteball's 12 delegate witnesses won't become an entrenched monopoly because politics are power vacuums that attract the most cunning, ruthless, best liars; and because the voters would have to agree to only change one per epoch, yet large groups rarely attain 92% agreement on anything. Also the Byteball whitepaper admits in section “17. Choosing witnesses” on page 20 that it will depend on some trusted community servers providing advice on which witness to vote for, yet there doesn't appear to be sufficient objectivity in the design for community observers to even objectively detect and prove in every instance which delegate witnesses are misbehaving. The signatories of units necessarily being light clients for scaling and since they can't be online always are trusting “proofs” from witnesses they trust, thus aren't two-factor validation security.

[Armstrong] https://bitcointalksearch.org/topic/m.16749910

If what you are claiming (for your protocol design) is that a majority of the 11 old witnesses have to sign units on my secret chain for it to advance in terms of the stability point (i.e. that you don't let me select new witnesses when the old ones fail to sign), ....

... then the problem shifts to one where if 6 of 12 witnesses stop signing (or don't sign enough to provide convergence to a total order) then the stability point never moves forward in the entire system (not just on my secret chain). The entire Byteball system can become suck and nothing can become final.

Either way, it is a flaw. So which is your choice of poison in your design?

Edit: also I can devise an attack to side-step your protocol rule. Build a chain branch that has no double-spends and make it public. Gradually change my list of witnesses one-by-one on the units I sign as the old witness happily sign units on my chain branch to advance the stability point. I can spam with as many Sybil address signed units as necessary to convince the witnesses that my chain branch is "real". Then once I've got the old witness down to a minority, I can take my chain branch private and complete the attack I explained to you before.

Many people complain about limiting to the "richest" people, why so? in real life the people have more money will be easier to make more than those with less money. It's not really the unfairness.

Please re-read the part you did not bold, is it clear?
You can have millions of "users" on your secret branch but how would you make it appear more "real"?  Remember, you can't advance the stability point on your secret branch, hence you can't replace more than one witness with yours.  Let me know if anything's still unclear.

There are no separate transactions to pay solely for "gas".  The payment of the fee is included in every unit.

Imagine you have a $100bn business, then Byteball comes along and you get involved to some extent, but it is still a small part of your business.  Somehow, people come to believe that you are trustworthy enough, and they name you a witness.  Will you try to game the system?

Referring the part I bolded for emphasis, I can Sybil attack with numerous addresses. I can make my secret chain branch appear just as "real" as the public one. I can have millions of "users" on my secret chain branch (which are all controlled by me) with witnesses (which are all controlled by me) that aren't on the public chain branch.

I am calculating ~2000 bytes per Ethereum transaction and that is diluted since not all of those are smart contracts. I figure 10,000 bytes per smart contract might be the average, which is an order-of-magnitude higher than your example. And we are concerned here not with the average, but the outlier transaction that becomes uneconomic to do. So that might be 100,000 bytes.

Okay but the gas payment of a smart contract is typically a microtransaction.

But their reputation on the coin itself is only as valuable as the fees they can earn with that reputation. Their external reputation may still have the same value even if they profit by attacking, destroying, and shorting on the exchanges some two-bit altcoin. They don't have any huge stake in the coin itself, neither in the form of mining hardware investment nor in the form of opportunity cost of huge future fees forsaken. I am not going to waste my time arguing with someone who isn't well versed/experienced with economics. You asked me to present the flaws I see, so I have presented. I see no benefit to arguing. Either we can agree on rational truth, or not. I will submit if you provide a truthful and compelling argument. Otherwise it means I think you are incorrect.

Referring the part I bolded for emphasis, I can Sybil attack with numerous addresses. I can make my secret chain branch appear just as "real" as the public one. I can have millions of "users" on my secret chain branch (which are all controlled by me) with witnesses (which are all controlled by me) that aren't on the public chain branch.

Afaics your design has the "nothing-at-stake" flaw. This is a generalized flaw that applies to most designs that don't use proof-of-work. I suggest you read Vitalik's blogs about this:

https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/
https://blog.ethereum.org/2014/07/05/stake/


When I entered Dash's (DarkCoin's) thread and explained to Evan that he had a flaw. He invented masternodes to solve the problem. Dash then became the #1 anonymity coin, because I had helped him early identify a flaw.

Your second step (bolded) won't work, therefore all subsequent reasoning doesn't hold.
It won't work because it breaks one of protocol rules.
When you compose a new unit, you include a reference to last ball.  Balls are units that became stable (in your view), and last ball is the latest of such balls, AKA last stability point.  The rule says that your witness list must be compatible with that of last ball, and you are breaking this rule by introducing a second mutation.

That means that before introducing a second mutation you have to wait that your first mutation reaches stability, and this is impossible if your chain is secret and the old witnesses can't see it.

Can't I sign a unit that has as its parent the, differs by 1 witness from the, genesis. Then sign a unit that has as its parent the, differs by 1 more witness from the, unit I signed in the prior sentence. Repeat as necessary. All those witness can be ones I control which I have sign units in my chain. If necessary I can control different addresses to make it appear that many people were using this chain branch.

So I can build a secret chain branch that double-spends one of my units from the public chain, then I release this secret chain branch. Then it is entirely ambiguous which of the double-spends is first and which of the chain branches is the "real" one, i.e. finality was not reached and the "stability" point was not stable.

I repeat that afaics your design is flawed unless you set a static global list of 12 witnesses.

Typical multi-sig and smart contracts are not going to grow the size of transaction by orders of magnitude.

And I don't see much use of Byteball in microtransactions, in particular because we don't address the blockchain bloat (or rather ledger bloat) problem.

That would be true if the ability to earn fees were the only witness' stake.  But it isn't.  As I said, the stake is outside the system, it is the reputation, the trust, the business that a witness has in the real world and would damage if it were to misbehave.