Author

Topic: [PREANN] Securebits the new bitcoin (Read 250 times)

sr. member
Activity: 392
Merit: 892
newbie
Activity: 3
Merit: 0
May 27, 2019, 08:19:14 AM
#5
Pool miner algo windows wallrt  Huh Huh Huh

Preann wait please
Algo sha256
windows wallrt Huh
sourse Huh

In construction
newbie
Activity: 61
Merit: 0
May 27, 2019, 08:17:56 AM
#4
Pool miner algo windows wallrt  Huh Huh Huh

Preann wait please
Algo sha256
windows wallrt Huh
sourse Huh
newbie
Activity: 3
Merit: 0
May 27, 2019, 08:10:37 AM
#3
Pool miner algo windows wallrt  Huh Huh Huh

Preann wait please
Algo sha256
newbie
Activity: 61
Merit: 0
May 27, 2019, 08:09:07 AM
#2
Pool miner algo windows wallrt  Huh Huh Huh
newbie
Activity: 3
Merit: 0
May 27, 2019, 07:44:05 AM
#1
Summary. An exclusively peer-to-peer version of electronic money would allow online payments to be sent from one person to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a third party is still required to prevent double spending.

We propose a solution to the problem of double spending by using a peer-to-peer network. The network timestamps transactions by splitting them into a chain based on frames with "proof-of-work", forming a record that cannot be modified without redoing the proof-of-work. The longest chain is not only used as proof of a sequence of control events, but also proves that it comes from the most powerful CPU group. As long as the majority of CPU power is controlled by nodes that do not cooperate to hack into the network, they will generate the longest chain and outrun the hackers. The network itself requires a minimalist structure. Messages are broadcast on a "best effort" basis, and nodes can leave and join the network at will, accepting the longest chain of proof of work as proof of what just happened during their absence.

    Introduction

Internet commerce has come to rely almost exclusively on financial institutions that serve as trusted third parties in the electronic payment process. Although the system works well enough for most transactions, it still suffers from the weaknesses inherent in its trust model. Completely non-reversible transactions are not really possible, as financial institutions cannot avoid conflict mediation. The cost of mediation increases the cost of transactions, limiting the minimum useful transaction size, preventing the possibility of small current transactions, and also a significant cost in losing the ability to make non-reversible payments for non-reversible services. The possibility of reversibility brings a need for trust. Merchants must be suspicious of their customers, asking them for a lot of information they would otherwise need. A certain percentage of fraud is accepted as inevitable. These uncertainties of costs and payments can be avoided in person by using physical currencies, but no mechanism exists to create payments over a communication channel without a trusted third party.

What is needed is an electronic payment system based on cryptographic evidence instead of a trust-based model, allowing two parties to carry out transactions directly between them without the need for a trusted third party. Transactions that are computer incapable of being reversible would protect sellers from fraud, and escrow mechanism routines could easily be implemented to protect buyers. In this article, we propose a solution to the problem of double spending by using a time-stamped server distributed in peer-to-peer mode to generate computer proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than cooperative hacker group nodes.

  The transactions

We define an electronic document as a chain of digital signatures. Each owner transfers the part to the next by digitally signing an imprint of the previous transaction and the next owner's public key and then adding all this at the end of the part. A beneficiary can examine the signatures to verify the chain of ownership.

Obviously, the problem is that the beneficiary cannot verify that one of the owners has not spent the coin twice. A common solution is to integrate a trusted central authority, or "mint", that checks each transaction to avoid double spending. After each transaction, the coin must be returned to the Mint to distribute a new coin, and only coins issued directly from the Mint are approved as not being the result of a double expense. The problem with this solution is that the fate of the entire monetary system depends on the company that runs the mint, with each transaction passing through it like in a bank.

We need a way for the beneficiary to know that the previous owner has not just signed transactions before. To this end, the very first transaction is the one that counts, so we do not worry about subsequent attempts at double spending. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint model, the mint was aware of all transactions and decided which one came first. To achieve this without a trusted third party, transactions must be publicly announced[1], and we need a system in which participants agree on a single history of the order in which they were received. The beneficiary needs proof that at the time of each transaction, the majority of nodes agree on the first transaction received.


    Time stamping servers

The solution we propose starts with a timestamp server. A timestamp server works by taking a piece of a block of products that need to be timestamped and then sharing it on a large scale, such as on a newspaper or Usenet article[2-5]. Time stamping proves that the data must have existed over time, of course, in order to be integrated into the print. Each timestamp includes the previous timestamp in its imprint, forming a chain of which each additional timestamp reinforces the previous one.

    Proof of work

To implement a timestamp server distributed on a peer-to-peer network, we will need to use a "proof of work" system similar to Adam Back's Hashcash system, rather than a newspaper or Usenet article. The proof of work requires to search for a value such that its fingerprint, calculated for example using the SHA-256 algorithm, starts with a certain number of bits at 0. The work required is exponential with the required number of bits at zero and can be verified by executing a single fingerprint.

For our time stamp network, we implement the proof of work by incrementing a variable in the block until a value giving a fingerprint with enough bits at 0 is found. When the CPU effort has been used to satisfy the proof of work, the block can no longer be modified without having to do it again. And while subsequent blocks follow one another after the other, the work to modify the block would require reworking all the subsequent blocks.

Proof of work also solves the problem of determining representation in majority decisions. If the majority were based on one IP address equals one vote, it could be hacked by someone who could allocate several IPs to themselves. Proof of work is essentially based on a CPU equals one vote. The majority decision is represented by the longest chain, which has the greatest proof of work. If a majority of CPU computing power is controlled by honest nodes, then the honest chain will grow fastest and exceed any competing chain. To modify an old block, the pirate would have to redo all the proof of work of the block and all the following blocks, then catch up and exceed the work of honest nodes. We will later show that the probability that a hacker with low CPU power can catch up decreases exponentially as more blocks are added.

To compensate for the increase in computing speed and the changing interest in operating network nodes, the difficulty of proof of work is determined by a moving average targeting an average number of blocks per hour. If the blocks are generated too quickly, the difficulty increases.


    Network

The steps in the operation of the network are as follows:

    1- New transactions are broadcast to all nodes.
    2- Each node gathers the new transactions in a block.
    3- Each node works to find a difficult proof of work for its blocks.
    4- When the node finds a proof of work, it distributes the block to all nodes.
    5- Nodes accept the block only if all transactions inside are valid and have not already been spent.
    6- The nodes express their acceptance of the block by working on the creation of a new block in the chain, with the footprint of the accepted block as the previous one.

The nodes always consider the longest string as the correct string and will work on its extension. If two nodes broadcast different versions of the next block simultaneously, some nodes will potentially receive one or the other first. In this case, they work on the first receipt, but also register the other branch in case it becomes longer. The pear will be cut in half when the next proof of work is found and one of the branches becomes longer; the knots that were working on the other branch will then pass on the longer one.

The diffusion of new transactions does not necessarily need to reach all nodes. As long as they reach several nodes, they will integrate a block in a short time. Block delivery is also tolerant to lost messages. If a node does not receive a block, it will ask for it when it receives the next block and realize that one is missing.

         Incentive

By convention, the first transaction in a block is a special transaction that starts a new document belonging to the creator of the block. This encourages nodes to participate in the network, and provides a means of initial distribution of coins in circulation, as there is no central authority to distribute them. The regular addition of a constant amount of new coins is similar to a gold miner who expands his resources to add gold in circulation. In our case, it is CPU computing power and electricity time that is extended.

The incentive can also be financed by transaction fees. If the exit value of a transaction is less than the entry value, the difference is the transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered circulation, the incentive will shift to financing based entirely on transaction fees, with no inflation.

Incentives can encourage nodes to remain honest. If a greedy hacker is able to assemble more CPU power than honest nodes, he would have to choose between scamming people by stealing payments or generating new coins. He must find it more profitable to follow the rules, which favour him with more new coins than anyone else combined, rather than undermining the system and the value of his own fortune.

    Save disk space

Once the last transaction of a coin is buried under enough blocks, the transaction previously spent can be abandoned to save disk space. To facilitate this without breaking the block footprint, transactions are cut from a Merkle tree[7][2][5], whose only root is integrated into the block footprint. Old blocks can be compressed by cutting branches from the tree. Internal fingerprints do not need to be registered.

A block header without a transaction weighs about 80 bytes. Assuming blocks generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MBytes per year. With computer systems typically having 2GB of RAM in 2008, and thanks to Moore's law predicting the current evolution of 1.2GB per year, storage should not be a problem even if block headers must be kept in memory.

    Simplified payment verification

It is possible to check payments without using an entire network node. A user only needs to keep a copy of the block headers of the longest proof string, which can be obtained by asking the network nodes until he is sure to have the longest string, and he gets the Merkle branch linking the transaction to the block on which he is time stamped. He cannot verify the transaction himself, but by linking it to a position in the chain, he can see that a node in the network has accepted it, and the blocks added by following will confirm that the network has accepted it.

In this way, the verification is reliable as long as honest nodes control the network, but becomes more vulnerable if the network is caught by hackers with more computing power. Although network nodes can verify transactions on their own, the simplified method can be duped by a transaction created by a hacker as long as the hacker is able to control the network's computing power. One strategy to protect against this is to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the entire block and alerted transactions to confirm the inconsistency. Companies that receive frequent payments will probably still want to manage their own nodes for more security independence and faster checks.

    Combine and split values

Although it is possible to manage individual coins, it would be impractical to carry out split transactions for each cent during a transfer. In order to allow values to be combined and split, transactions have multiple entries and exits. Usually, there will be either a single entry from a larger previous transaction, or multiple entries combining smaller amounts, and at most two exits: one for payment and the other to give change, if necessary, to the issuer.

It should be noted that dispersion, when a transaction depends on several transactions, and these transactions themselves depend on many more transactions, is not an issue here. There is never the need to extract the complete history of a transaction.

    Confidentiality

The traditional banking model achieves a level of confidentiality by limiting access to information to the parties involved and trusted third parties. The need to publicly announce transactions excludes this method, however confidentiality can be maintained by breaking the flow of information at a specific level: by keeping public keys anonymous. Anyone can see that someone is sending an amount to someone else, but without any information linking this transaction to anyone else. This is similar to the level of information in stock exchanges, in which the time and size of each exchange, the "price", is made public, but without revealing the information of the parties involved.

As additional protection, a new key pair should be used for each transaction to prevent them from being linked to a common owner. Relationships are always inevitable with multi-entries transactions, which necessarily reveal that the entries belong to the same owner. The risk is that the owner of the key will be revealed, the link could reveal other transactions that belong to the same owner.

    Calculations

We consider the scenario of a pirate trying to generate an alternative chain faster than the honest chain. Even if this happens, it does not lead the system to arbitrary change, such as creating value from nowhere or taking money that does not belong to the pirate. Nodes will not accept invalid transactions as payment, and honest nodes will never accept a block containing them. A hacker can only try to modify one of his own transactions in order to recover the money he has just spent recently.

The race between honest chains and pirate chains can be characterized as a Binomial Random March. The success event is when the honest chain extends one block, increasing its lead by +1, the failure event is when the pirate chain extends one block, reducing the gap to -1.

The probability that a pirate will catch up on a given delay is similar to the problem of a bettor's bankruptcy. Imagine that a gambler with unlimited credit starts with a deficit and potentially plays an infinite number of tests to reach a break-even point. It is possible to calculate the probability that it will reach this threshold, or in our case that a pirate will catch the honest chain, as follows:

p = the probability that an honest node will find the next block

q = the probability that a hacker will find the next block

qz = the probability that a hacker will catch up from "z" blocks of delay.

According to the hypothesis that p > q, the probability drops exponentially when the number of blocks that the pirate must catch increases. If the odds are not on his side, if he does not get a burst of luck, his chances disappear as he sinks far into the chain.

We now consider the duration for the recipient whose transaction needs to wait before we are sure enough that the issuer can no longer change the transaction. We assume that the sender is a pirate who wants the recipient to believe that he has paid him for a certain period of time, and then ends up paying himself after that time. The recipient will be alerted when this happens, but the sender hopes it will be too late.

The recipient generates a new key pair and returns this public key to the sender quickly after signing. This prevents the transmitter from preparing a block chain in advance of phase by working continuously until it is lucky enough to be far ahead, then executes the transaction at that time. Once the transaction is sent, the dishonest sender secretly starts working on a parallel chain containing an alternative version of his transaction.

The recipient waits until the transaction is added to a block and z blocks have subsequently been linked. It does not know the progress of the pirate, but it assumes that the honest blocks have taken the average time expected per block, the potential progress of the pirate will behave like a distribution of Fish with the following expected value:

To obtain the probability that the pirate can catch up, we multiply the density of Fish for each amount of improvement he was able to make by the probability that he can catch up from that point:

By rearranging the equation to avoid summing the infinity of the distribution....

Conversion to C language....

#include

double AttackerSuccessProbability(double q, int z)

{

double p = 1.0 - q;

double lambda = z * (q / p);

double sum = 1.0;

int i, k;

for (k = 0; k <= z; k++)

{

double fish = exp(-lambda);

for (i = 1; i <= k; i++)

fish *= lambda / i;

sum -= fish * (1 - pow(q / p, z - k));

}

return sum;

}

After some calculations, we observe that the probability drops exponentially with z.

q=0.1

z=0 P=1.0000000000

z=1 P=0.2045873

z=2 P=0.0509779

z=3 P=0.0131722

z=4 P=0.0034552

z=5 P=0.0009137

z=6 P=0.0002428

z=7 P=0.0000647

z=8 P=0.0000173

z=9 P=0.000000046

z=10 P=0.000000012

q=0.3

z=0 P=1.0000000000

z=5 P=0.1773523

z=10 P=0.0416605

z=15 P=0.0101008

z=20 P=0.0024804

z=25 P=0.0006132

z=30 P=0.0001522

z=35 P=0.0000379

z=40 P=0.0000095

z=45 P=0.000000024

Results for P less than 0.1%...

P < 0.001

q=0.10 z=5

q=0.15 z=8

q=0.20 z=11

q=0.25 z=15

q=0.30 z=24

q=0.35 z=41

q=0.40 z=89

q=0.45 z=340


    Conclusion

We have just proposed a system for electronic transactions that are not based on trust. We started with the usual framework of currencies made from digital signatures, which provide strong ownership control, but which is incomplete without a way to avoid double spending. To solve this, we propose a peer-to-peer network using work evidence to record a public transaction history that quickly becomes impossible for a hacker to change in the event that honest nodes are controlled by the majority of CPU computing power. The network is robust due to its unstructured simplicity. Nodes work together with little coordination. They do not need to be identified, as messages are not routed to a particular location and simply need to be delivered in a best effort mode. Nodes can leave and join the network at their convenience, accepting the chain of proof of work as proof of what has just happened in their absence. They vote with their computing power, and express the acceptance of valid blocks by working on their extension and rejection of invalid blocks by refusing to work on them. Any necessary rules and incentives can be applied by a consensus mechanism.
Jump to: