Pages:
Author

Topic: PPCoin is NOT a decentralized cryptocurrency (Read 10995 times)

legendary
Activity: 1022
Merit: 1033
killer, I'd like to hear your input on the newest decrits proposal. It's everything proof of stake wishes it could be.  Grin

Sure, when I'll get a round tuit Smiley
hero member
Activity: 798
Merit: 1000
killer, I'd like to hear your input on the newest decrits proposal. It's everything proof of stake wishes it could be.  Grin
legendary
Activity: 1022
Merit: 1033
I've just looked through code of version 0.3...

Problem isn't in a lack of comments... If you have a couple of days you can easily figure out how it works. (Some comments are present, by the way.)

Problem is that the flaw I outlined back in August on 2012: https://bitcointalksearch.org/topic/m.1139483

Sunny changed weighting a bit, so numbers will be different. But idea is the same: it is secure only if number of active stake coins is large.
hero member
Activity: 574
Merit: 500
It's commented, just vaguely eg
"This fragment of code does this"

Still not happy. Especially with a project like this. Undecided

What's Sunny King's programming background? He's obviously brilliantly talented, but has he done many professional projects, or coded much in a team?
legendary
Activity: 1484
Merit: 1005
It's commented, just vaguely eg
"This fragment of code does this"
hero member
Activity: 574
Merit: 500
If the code is not documented then Sunny King is going to have to comb through every line and comment it. It's very important that his code be audited and he wont get maximal adoption if it's not. Many of us can read the code but if it's not commented then we don't know what it's SUPPOSED to do to check it against what it actually is doing.

I haven't seen the source code. Are you telling me it's uncommented?

If so, this is a big deal. I would sell all my PPC today and not touch it again with a 10 yard cattle-prod.
hero member
Activity: 714
Merit: 510
is all the ppc code os?

if so can't you just read through the code?
Yes. Everything is open source. However, recreating the design documents from the source code is like trying to learn about civil engineering from looking at how people build bridges.

Really???

I have found the opposite its only be reading and running parts of the code I can actually understand whats going on.....

the design docs are often not spot on/not useful.

you can learn civil by looking at bridges!!!

Yes but you cannot audit code that way. There is a difference. A security audit of code requires clear commenting and documentation of what everything does because even a slight variation or stray from that could be a major security hole.

Consider that software are just algorithms and if something works it should be able to be mapped out as an algorithm on paper. So the people saying the equations must work are absolutely correct. Then when we get the source code we can compare the source code to the equations and algorithmic proofs to determine it works as intended.

Without the algorithms, equations, etc, without the documentation of what everything does, it's much harder to audit. To audit you want the maximum number of eyes looking at it and understanding it which requires clean and clear documentation of both the source code and the blueprint the algorithms and equations behind that.
hero member
Activity: 714
Merit: 510
I really think the best thing Sunny King could do for the development of proof of stake currency is to discuss the potential weaknesses of the current system, what is currently done to combat those, and what ideas he might have for the future. I'd like to get involved, but I feel there's not enough clear information out there for me to get a good grasp of how the current implementation works and where its weaknesses may lie. I'd be extremely interested to read about this and I think proof of stake cryptocurrency is a worthy cause and, if done right, I imagine it could have both efficiency and security advantages over traditional proof of stake coins.

As far as I am aware there are no known vulnerabilities. It's just FUD.

There's a huge number of PPCoins traded daily and they are worth over 30 cents, if there was some known exploit it would have been carried out.


... Uh, what?
You could have said the exact same thing about Terracoin until quite recently, when the known exploit WAS carried out.
You could have said the same thing about BITCOIN until the external dependency bug that caused the blockchain to split in 2...

You would make a very poor software engineer if your security analysis was based on "Well, people are using it, and it works fine, so let's not even address this known method of attack simply because it hasn't happened yet."

"If it ain't broke, don't fix it" doesn't work because we are trying to plan for things that might break, i.e. obvious vulnerabilities that could be taken advantage of in a realistic situation.


The Terracoin saga backs up what I am saying. It's called empirical justification. People were at one point deliberately attacking Terracoin and trying to do double spends. You think they weren't trying to attack PPCoin either? Of course they were. Terracoin also crumbled under the pressure of ASICs. Do you think those ASICs decided not to bother mining PPCoin?

PPCoin has stood up to every challenge thrown at it so far. At the end of the day, empirically withstanding testing 'out in the wild' breeds confidence... it's what Bitcoin has had to do. Despite all the papers and discussions on it, there is no mathematical proof that the entire Bitcoin protocol is fail-safe. And no-one said "if it ain't broke, don't fix it', your reading comprehension is awful, so please spare me the condescension. And as for, "let's not even address this known method of attack", try reading my first sentence again and ask yourself why you're trying to say that to me.

Theoretical attacks are as important for consideration as practical attacks. Yes practical attacks should be addressed first but theoretical attacks must ultimately be addressed.
hero member
Activity: 714
Merit: 510
I really think the best thing Sunny King could do for the development of proof of stake currency is to discuss the potential weaknesses of the current system, what is currently done to combat those, and what ideas he might have for the future. I'd like to get involved, but I feel there's not enough clear information out there for me to get a good grasp of how the current implementation works and where its weaknesses may lie. I'd be extremely interested to read about this and I think proof of stake cryptocurrency is a worthy cause and, if done right, I imagine it could have both efficiency and security advantages over traditional proof of stake coins.

As far as I am aware there are no known vulnerabilities. It's just FUD.

There's a huge number of PPCoins traded daily and they are worth over 30 cents, if there was some known exploit it would have been carried out.


... Uh, what?
You could have said the exact same thing about Terracoin until quite recently, when the known exploit WAS carried out.
You could have said the same thing about BITCOIN until the external dependency bug that caused the blockchain to split in 2...

You would make a very poor software engineer if your security analysis was based on "Well, people are using it, and it works fine, so let's not even address this known method of attack simply because it hasn't happened yet."

"If it ain't broke, don't fix it" doesn't work because we are trying to plan for things that might break, i.e. obvious vulnerabilities that could be taken advantage of in a realistic situation.

Some people fail to understand the direct seriousness of this kind of design and programming. Peoples lives could hang in the balance of Bitcoin or alt currencies working. It's understandable that PPC doesn't work because it's not 1.0 and it's not even claimed to be a working product by Sunny King. It's in the beta phase and it's in that phase where all securities issues must be addressed.

If the code is not documented then Sunny King is going to have to comb through every line and comment it. It's very important that his code be audited and he wont get maximal adoption if it's not. Many of us can read the code but if it's not commented then we don't know what it's SUPPOSED to do to check it against what it actually is doing.
legendary
Activity: 2632
Merit: 1023
Yes. Everything is open source. However, recreating the design documents from the source code is like trying to learn about civil engineering from looking at how people build bridges.

Really???

I have found the opposite its only be reading and running parts of the code I can actually understand whats going on.....

the design docs are often not spot on/not useful.
Please feel encouraged to help create design documents based on the source code. I'll be available to revise them.

There are many important aspects about a cryptocurrency which are not readily available from the source code. E.g. Sunny chose to use a POW mining reward as a function of difficulty^4. What is the rationale for that? Ideally Sunny would have at least performed a calculation to derive good parameters. Unless many things are just random - but that would not qualify as design.

you can learn civil by looking at bridges!!!
Good luck trying to assess design flaws this way.

well, you can by NDT and other mechanisims, however os code is much different, I can go to the guts of every piece and test it individually...

what I usually do is rip out class by class, function by function and put in test rig code and throw generated (rather extreme) parameters at it to see if it behaves as expected and out a whole load of debug exceptions so you can verify your understanding....

I'm not sure what other people do....
donator
Activity: 994
Merit: 1000
Yes. Everything is open source. However, recreating the design documents from the source code is like trying to learn about civil engineering from looking at how people build bridges.

Really???

I have found the opposite its only be reading and running parts of the code I can actually understand whats going on.....

the design docs are often not spot on/not useful.
Please feel encouraged to help create design documents based on the source code. I'll be available to revise them.

There are many important aspects about a cryptocurrency which are not readily available from the source code. E.g. Sunny chose to use a POW mining reward as a function of difficulty^4. What is the rationale for that? Ideally Sunny would have at least performed a calculation to derive good parameters. Unless many things are just random - but that would not qualify as design.

you can learn civil by looking at bridges!!!
Good luck trying to assess design flaws this way.
hero member
Activity: 490
Merit: 500
is all the ppc code os?

if so can't you just read through the code?
Yes. Everything is open source. However, recreating the design documents from the source code is like trying to learn about civil engineering from looking at how people build bridges.

Really???

I have found the opposite its only be reading and running parts of the code I can actually understand whats going on.....

the design docs are often not spot on/not useful.

And can be intentionally misleading if you know that's where most will go to find the data....  the source is the only for sure way but we all understand that not everyone can read code or even all the numerous languages out there but if you can its the way togo.  Then there are those of us too lazy to care and are just happy with a working system who hope someone more motivated will look out for us lol :-)
legendary
Activity: 2632
Merit: 1023
is all the ppc code os?

if so can't you just read through the code?
Yes. Everything is open source. However, recreating the design documents from the source code is like trying to learn about civil engineering from looking at how people build bridges.

Really???

I have found the opposite its only be reading and running parts of the code I can actually understand whats going on.....

the design docs are often not spot on/not useful.

you can learn civil by looking at bridges!!!
legendary
Activity: 1022
Merit: 1033
As far as I am aware there are no known vulnerabilities. It's just FUD.

May I ask you what's your qualification? Forum bullshitter?

There's a huge number of PPCoins traded daily and they are worth over 30 cents, if there was some known exploit it would have been carried out.

Do you even understand what kind of "exploit" we are talking about?
legendary
Activity: 1344
Merit: 1001
I really think the best thing Sunny King could do for the development of proof of stake currency is to discuss the potential weaknesses of the current system, what is currently done to combat those, and what ideas he might have for the future. I'd like to get involved, but I feel there's not enough clear information out there for me to get a good grasp of how the current implementation works and where its weaknesses may lie. I'd be extremely interested to read about this and I think proof of stake cryptocurrency is a worthy cause and, if done right, I imagine it could have both efficiency and security advantages over traditional proof of stake coins.

As far as I am aware there are no known vulnerabilities. It's just FUD.

There's a huge number of PPCoins traded daily and they are worth over 30 cents, if there was some known exploit it would have been carried out.


... Uh, what?
You could have said the exact same thing about Terracoin until quite recently, when the known exploit WAS carried out.
You could have said the same thing about BITCOIN until the external dependency bug that caused the blockchain to split in 2...

You would make a very poor software engineer if your security analysis was based on "Well, people are using it, and it works fine, so let's not even address this known method of attack simply because it hasn't happened yet."

"If it ain't broke, don't fix it" doesn't work because we are trying to plan for things that might break, i.e. obvious vulnerabilities that could be taken advantage of in a realistic situation.

The Terracoin saga backs up what I am saying. It's called empirical justification. People were at one point deliberately attacking Terracoin and trying to do double spends. You think they weren't trying to attack PPCoin either? Of course they were. Terracoin also crumbled under the pressure of ASICs. Do you think those ASICs decided not to bother mining PPCoin?

PPCoin has stood up to every challenge thrown at it so far. At the end of the day, empirically withstanding testing 'out in the wild' breeds confidence... it's what Bitcoin has had to do. Despite all the papers and discussions on it, there is no mathematical proof that the entire Bitcoin protocol is fail-safe. And no-one said "if it ain't broke, don't fix it', your reading comprehension is awful, so please spare me the condescension. And as for, "let's not even address this known method of attack", try reading my first sentence again and ask yourself why you're trying to say that to me.
sr. member
Activity: 448
Merit: 250
I really think the best thing Sunny King could do for the development of proof of stake currency is to discuss the potential weaknesses of the current system, what is currently done to combat those, and what ideas he might have for the future. I'd like to get involved, but I feel there's not enough clear information out there for me to get a good grasp of how the current implementation works and where its weaknesses may lie. I'd be extremely interested to read about this and I think proof of stake cryptocurrency is a worthy cause and, if done right, I imagine it could have both efficiency and security advantages over traditional proof of stake coins.

As far as I am aware there are no known vulnerabilities. It's just FUD.

There's a huge number of PPCoins traded daily and they are worth over 30 cents, if there was some known exploit it would have been carried out.


... Uh, what?
You could have said the exact same thing about Terracoin until quite recently, when the known exploit WAS carried out.
You could have said the same thing about BITCOIN until the external dependency bug that caused the blockchain to split in 2...

You would make a very poor software engineer if your security analysis was based on "Well, people are using it, and it works fine, so let's not even address this known method of attack simply because it hasn't happened yet."

"If it ain't broke, don't fix it" doesn't work because we are trying to plan for things that might break, i.e. obvious vulnerabilities that could be taken advantage of in a realistic situation.
legendary
Activity: 1344
Merit: 1001
I really think the best thing Sunny King could do for the development of proof of stake currency is to discuss the potential weaknesses of the current system, what is currently done to combat those, and what ideas he might have for the future. I'd like to get involved, but I feel there's not enough clear information out there for me to get a good grasp of how the current implementation works and where its weaknesses may lie. I'd be extremely interested to read about this and I think proof of stake cryptocurrency is a worthy cause and, if done right, I imagine it could have both efficiency and security advantages over traditional proof of stake coins.

As far as I am aware there are no known vulnerabilities. It's just FUD.

There's a huge number of PPCoins traded daily and they are worth over 30 cents, if there was some known exploit it would have been carried out.
sr. member
Activity: 342
Merit: 250
I really think the best thing Sunny King could do for the development of proof of stake currency is to discuss the potential weaknesses of the current system, what is currently done to combat those, and what ideas he might have for the future. I'd like to get involved, but I feel there's not enough clear information out there for me to get a good grasp of how the current implementation works and where its weaknesses may lie. I'd be extremely interested to read about this and I think proof of stake cryptocurrency is a worthy cause and, if done right, I imagine it could have both efficiency and security advantages over traditional proof of stake coins.
donator
Activity: 994
Merit: 1000
is all the ppc code os?

if so can't you just read through the code?
Yes. Everything is open source. However, recreating the design documents from the source code is like trying to learn about civil engineering from looking at how people build bridges.
legendary
Activity: 2632
Merit: 1023
The way I see it, the goal of PPCoin should be to lead the Proof of Stake currency space. As such a leader, it is essential that a simple security model for how it works is prepared and presented. The model should be on the same "analysis complexity level" as Satoshi's whitepaper - it should make it easy for every capable person to validate the model's assumptions and predictions.
....
Isn't there a Grand Unifying Theory of PoS that is easy to analyze, "secure enough", and diminishes the significance of PoW as time progresses?
Unfortunately the community will have to reverse engineer the security model of ppcoin in an effort to document it. On that note I'd like to push the idea of a tournament scheme to introduce a habit of exploring the security of POS (https://bitcointalksearch.org/topic/ppcoin-stake-generation-tournament-152809). I haven't had time to work on the details, but the idea is out there and people should state their opinions.

The POS implementation in ppcoin and any of its derivatives is mainly broken at this time. There has been an acclaimed "fix", but based on my analysis all it did was to disguise the underlying problems. A practice which seems to be systemic for the development of ppcoin. However, that doesn't prevent people from bidding the price of ppcoin up - 99% of traders have no technical understanding.

The current POS implementation in ppcoin has the following problems:
1) No theory model on required stake granularity and steady state allocations for stake. I want to see a differential equation.
2) Missing incentive structure to perform transaction validation
3) No effective cost for working on competing branches with respect to the main chain
4) Reversibility between stake and coins - leading to a situation in which market price manipulations change the incentive structure for allocating stake

Especially 4) gets me worried. It exhibits opposite dynamics to POW. In POW, an increase in price encourages investments in hashing power and leads to a strengthening of the network, while in POS, an increase in price creates an incentive to move coins out of stake, effectively weakening the network. However 4) could be dealt with a protocol enhancement which prevents the reversibility between stake and coins.

I still stand by my assessment that ppcoin is an unfinished cryptocurrency. Any investments in it will evaporate as soon as the underlying flaws start to affect the resilience of the system. Buyer beware, drama included!

is all the ppc code os?

if so can't you just read through the code?
Pages:
Jump to: