Author

Topic: Proof of Hash proposal (Read 1108 times)

member
Activity: 118
Merit: 10
June 18, 2014, 04:56:52 AM
#8
You need check out your sources most things that OP are pointing out are completely wrong
kjj
legendary
Activity: 1302
Merit: 1026
June 16, 2014, 11:39:18 PM
#7
Thank you for your comments
The issue with not unified memory pool is solved once a block is published. If some node does not have that TX then that node should ignore the block until it can verify that all the transactions in it are in the network. I think this is what current protocol works. Because that issue would affect PoW also I think.

No, this is not how the network works.  Not even close.

Please browse this board for a while.  Most (all?) of your ideas are already here, complete with discussions revealing how and why they don't work.
full member
Activity: 547
Merit: 105
Bitcoin ya no es el futuro, es el presente
June 16, 2014, 08:25:00 PM
#6
With PoH every owner of enough coins can participate securing the network by having only the last 5-10 blocks with addresses balances in the memory, with almost no power usage.

It would be difficult to beat an increasing number of wallets for someone willing to do a 51% attack. To get this risk that person must have 51% of the addresses containing 25 of more coins with 30 days of coin age.

I think this also discourages selfish minting because best score with highest number of transactions always win. And well connected nodes like PoW pools will help also because they can have in their memory pool most if not all transactions, and can reject blocks that are not with the best score, simply by not broadcasting them again.


This also mitigates the risk of an entity that wants to trash the network growing difficulty of PoW and then stop mining. Currently this can cause a longer than normal time to validation of transactions. With PoW+PoH combination the maximum time for a block confirmation will be 610 seconds. And if too much PoW power arrives to the network, the difficulty of PoW will grow, making PoH best in the future.

This should reduce costs of energy, decentralize block validation, and encourage minting participation by many other people.

Current miners could keep their hardware mining for a while until PoH overtakes PoW. After that there is not incentive to increase computing power, but only to hold it to keep difficulty stable.
full member
Activity: 547
Merit: 105
Bitcoin ya no es el futuro, es el presente
June 16, 2014, 08:12:57 PM
#5
This is an example of how this idea works.

Lets be 3 node network that want to mint new coins HM1, HM2, SfM.
2 of them are honest minters, while the third is selfish minter.
The honest minters have only 25 coins each one, in a single address with the 30 days of coin age.
The hash of the address of HM1 is 0x1111, for HM2 is 0xbbbb and the hashes for SfM's addresses are from 0x1000 to 0xa000
The selfish minter has 10 times more coins, 25 coins, in 10 addresses with the 30 days of coin age.
Block reward is 25 coins.
Addresses and hashes are only 16 bit long for an easy example.
The selfish minter is better connected to the network than the honest minters.
Some other, non minter nodes (like cellphones, or web wallets) send 3 transactions to the network, Tx1, Tx2 and Tx3.

The example begins here

In the block receiving window (second zero to second 590 since last block):
HM1 receives Tx1 and Tx2
HM2 receives Tx2 and Tx3
SfM receives Tx1, Tx2, and Tx3

The three of the minters enter the PoH block minting window of 20 seconds.
HM1 generates a block with his memory pool and gets the hash of it. Let suppose that the hash is H1=0x1234
HM2 generates a block with his memory pool and gets the hash of it. Let suppose that the hash is H2=0xabcd
SfM has many options. He first generates a has of the three transactions, H3=0x7437, then he can calculate the hash equal to H1 and H2, and also can calculate the Hash H4 of Tx1 and Tx3 H4=0x2731, and of course he can calculate the the hash of every single transaction and also calculate the hash of the empty block. This leave many options to the selfish minter.

Because in this example every address has the same coin age of 0x1a5e0 (30 days * 24 hours * 6 blocks per hour * 25 coins in the address) in this example all the score depends of the match with the block's hash.

HM1 can get in which place he is using the data he has in the block chain. Because addresses must have settled funds with more than 30 days, every synced minter knows very well who has what.

HM1 gets that the difference between the block and his address is 0x0123, and the score is 0x0123/0x1a5e0 = 0.00b09546c
HM2 gets that the difference between the block and his address is 0x0fee, and the score is 0x0fee/0x1a5e0 = 0.09aa973fa
SfM gets that scores and also the scores of all the combinations
All the combinations they get are:



Here HM1 sees clearly that he is the winner, because he has the best score (lowest value).
Also HM2 sees that he is not the best but is inside the top ten, so he could be winner if nobody with better score broadcast the block.
Then, the SfM can see that he can be winner in every combination but in column C. The simple fact that he is has the best score on B should be enough to broadcast the block immediatly, but suppose that he thinks that he can broadcast another block because he knows the solution for a Proof of Work hash with other set of transactions and pretends to send both, or because fees in another combination are higher. He then tries to send another block, but whichever other block than the block in B will be of lower quality because has less transactions. And if he sends other block like in column E, he loses because column C has better score.

So a selfish minter does not have incentive to send a lower quality block.


In this case, the SfM will be forced to send the highest quality block, with better score, because if he doesn't send it he will lose the opportunity, and it is also the possibility that HM1 or HM2 will receive the missing transaction before the 20 seconds window and broadcast a block with 3 transactions, that will win over any other that SfM send if he keeps his 3 transaction block for later.

After the 20 second window, most of the network should know all the candidates and will chose the best. SfM should had broadcasted the block ad B10 if he wants to be the winner. If not, then C14 will be the winner, and the networks adds that block. If that's the case, transaction Tx3 is then added to the next block. If the SfM sends the 3 TX block, then the next block starts without transactions in memory pool.
full member
Activity: 547
Merit: 105
Bitcoin ya no es el futuro, es el presente
June 16, 2014, 04:00:40 PM
#4
Quote
If a block is broadcasted at the same time of another different block, and both are valid, the block that has more transactions wins.
Things like this make selfish mining much easier.  I find a block with a very good ratio with all txs and I don't publish it.  I then try to find an inferior but still good enough and publish that one.  Once my competitors start working on the false chain in secret I mine off the better one and if I find a block I publish both back to back.  If I don't find a block I publish the better one before whatever max latency limit passes and I have lost nothing.  Unlike selfish mining where the longest chain wins, I have nothing to lose by engaging in selfish mining.  I have essentially stacked the deck because some blocks are better than others and I can make sure that I always know about the better one.

It is an interesting idea but as presented would be non-deterministic and thus very easy to game.  There would be no reason to "mine" fairly and plenty of incentive to mine unfairly.  This would make reorgs more frequent and deeper and would discount the security of transactions.  6 confirms is considered very secure not because 6 is a magic number but because the probability of reorgs more than 6 blocks deep is very rare unless an attacker has a majority of the hashrate, if reorgs are more frequent and deeper then one would need a higher number of confirmations to have similar assurances of security.

The problem here is that the best one wins. If the selfish minter sends a block with lower score then someone with better score will.

Also a limiting thing here is that the selfish minter must have high amount of coins sparse on high amount of addresses, that have at least the same number of coins as the block reward (currently 25) and that have coin age of about 30 days. That could make it very expensive, because that coins are tied and cannot be used if one wants to have a chance to mint a block with that address.

Another limiting thing is that there is only a 20 second window when minting can be done. After that the block hash must be recalculated, so a selfish minter wins nothing. If he found a valid block he should be it faster to be inside the 20 second window. If he waits to send, then he risks that the previous calculations are not valid anymore. And of course, because only one in the best 10 of the block can sign the block, the selfish miner must build the block in a way that anyone can have higher score or he risks to be the second in the list.

full member
Activity: 547
Merit: 105
Bitcoin ya no es el futuro, es el presente
June 16, 2014, 03:50:23 PM
#3
Thank you for your comments
The issue with not unified memory pool is solved once a block is published. If some node does not have that TX then that node should ignore the block until it can verify that all the transactions in it are in the network. I think this is what current protocol works. Because that issue would affect PoW also I think.

About the issue of trying different transactions to find one that is the best match, well, the attacker only has 20 seconds to do that until someone sends a signed block. Also if there is other signed blocks that have higher number of transactions they are going to be preferred. Because the process of mining/minting is for signing transactions and securing the network, a block that secures more transactions is more valuable to the network than one that secures less transactions. If two or more signed blocks are in the candidate list when the 610 seconds since last block target is reached, then the one that has more transactions wins.

donator
Activity: 1218
Merit: 1079
Gerald Davis
June 16, 2014, 03:37:48 PM
#2
Quote
Every miner in the network can know this in a deterministic way. This is the Best Ratio.

The is no unified view of the memory pool between all nodes.  Different nodes may have different views of what txs exist at any point in time.  Say a node publishes a block which has a high score (ratio) for the tx in that block but that block contains tx your node isn't aware of and/or doesn't include some tx that your node is aware of.  Is the block valid or invalid?

One could engage in mining PoH blocks by continually creating a new slightly different tx (and thus different tx hash) to change the hash of the tx set until the miner/attacker finds one which gives it the best ratio and publishing only that block.

Quote
If a block is broadcasted at the same time of another different block, and both are valid, the block that has more transactions wins.
Things like this make selfish mining much easier.  I find a block with a very good ratio with all txs and I don't publish it.  I then try to find an inferior but still good enough and publish that one.  Once my competitors start working on the false chain in secret I mine off the better one and if I find a block I publish both back to back.  If I don't find a block I publish the better one before whatever max latency limit passes and I have lost nothing.  Unlike selfish mining where the longest chain wins, I have nothing to lose by engaging in selfish mining.  I have essentially stacked the deck because some blocks are better than others and I can make sure that I always know about the better one.

It is an interesting idea but as presented would be non-deterministic and thus very easy to game.  There would be no reason to "mine" fairly and plenty of incentive to mine unfairly.  This would make reorgs more frequent and deeper and would discount the security of transactions.  6 confirms is considered very secure not because 6 is a magic number but because the probability of reorgs more than 6 blocks deep is very rare unless an attacker has a majority of the hashrate, if reorgs are more frequent and deeper then one would need a higher number of confirmations to have similar assurances of security.
full member
Activity: 547
Merit: 105
Bitcoin ya no es el futuro, es el presente
June 16, 2014, 03:13:41 PM
#1
Looking at two major issues with current block validation (51% attacks and huge amount of energy required, that will tend to grow in the future) I designed this hashing system, that I called Proof of Hash



For one to be able to sign a block, he needs to:

  • Use all the transactions in memory that has enough fee, are valid, does not contains previously spent transactions to form a block.
  • Generate a hash of the block
  • Look for the binary version of the addresses with coins that:
  • Have at least max(4383,number of blocks since genesis block) confirmations (365.25/12 days, about 1 month), and get the arithmetic difference between the number represented by that address and with the block hash.
  • Have at least an amount of coins that is the same size as current block reward.

  • Divide by the coin age (number of coins in that address multiplied by the number of confirmations).
  • Coin age could not be zero nor negative.
  • The smallest result is the best one. That is, one that has great coin age in an address that is the most similar to the block hash is who can sign the block. Every miner in the network can know this in a deterministic way. This is the Best Ratio.

Once a miner knows that he can mint a block it groups all the transactions, sign them and broadcast them. The other minters knows that this is the one that should do the task previously, so they accept it.

If more than one address has the same Best Ratio, then first block is accepted.

If a block is broadcasted at the same time of another different block, and both are valid, the block that has more transactions wins.

If for some reason like split brain issues the chain forks, the largest chain in means of transactions wins. But if merging can be done without double spending, then the possible blocks are added the the winner chain.

Use combined mining and minting. Whoever signs the block first, wins. This way current miners can still mine, but difficulty will make it harder to reach the 10 minute target with PoW, while PoH will mint every 10 minutes, because it is based on luck, not on computer power.

The signing window for PoH starts 10 seconds before the 600 seconds target, and ends 10 seconds after that. One of the 10 best matches of PoH can sign the block. After the 610 second since last block, the signed block that is the greatest in match with the block hash will win.

If no block is sent with PoH, then it will be mined by regular PoW.
Jump to: