Pages:
Author

Topic: Proof of Proof - an alternative to proof of ___ systems - page 2. (Read 2608 times)

donator
Activity: 2058
Merit: 1054
And even that is only if we can find a technical way to collect this money
We don't need a technical way to collect this money, we only need a technical way to require the expenditure of resources in exchange for security of the blockchain. This is exactly what we have.
Yes, we do. If the security requires expenditure of resources and nobody pays for it, there will be no security. If the total transaction fees are low, mining will only be profitable at a very low difficulty in which the security is low.

Quote
- the way things are looking, due to tragedy of the commons on the part of both users and miners, this will be quite difficult once the coinbase is out of the picture.
Mining is not a tragedy of the commons scenerio.  It's not even a commons, it's a competition.  As for users (I presume you mean transaction fees), it's arguablely a commons, but not necessarily a tragedy of the commons scenerio.  There are very real limits upon bitcoin transaction volumes, and these limts will create a market rate fee for timely transaction confirmations.  I've mentioned this many times in many threads in the past, but it's not reasonable to assume that in the future all or most bitcoin transactions will continue to utilize the blockchain.  This is almost certainly not going to be the case, any more than most fiat finacial transactions use the ACH or Swift banking networks.  Real & practical limits upon the transaction volumes will put upward pressure on the transaction fees, whileusers and groups of users will devise alternative networks to limit the number of their daily transactions that must use the blockchain.  Whole markets will spring up that share a Paypal-like wallet service.  Silk Road already does this to some degree.  Other markets will use networks more like MPesa, or Google Wallet.  Yet these alternativeswill olly occur if the fees grow too high.  Even teh current cost of a paid transaction, being roughly five cents, would total to well over the current block reward at any transaction volume approaching Paypal's transaction rate.
You are confusing the cost of handling transactions with the cost of hashing.

I agree that most payments will be off the blockchain (not in the ways that you described, though). But this will just make it more difficult to collect the fees that are needed to sponsor hashing. In any case, relying on the scarcity of resources for handling transaction in order to guarantee the payment of fees required for the completely unrelated issue of hashing is not robust.

PS the current fee is half a cent, not 5 cents.

You guys are making recommendations for changes that could undermine or destroy bitcoin.  If you really want to try it, do it on an alt-coin.  I want to see evidence that it's superior to bitcoin before I would even consider joining your efforts to alter bitcoin itself.
I didn't say we need to do it right now. I don't even know yet what "it" is. I'm saying this is a valid research issue that needs to be fleshed out and then experimented with, so that we're ready if it ever turns out necessary.
legendary
Activity: 1708
Merit: 1010
your pet issue with it is that it requires energy to work.
There's nothing special about energy. PoW requires money to work. Someone needs to pay for the amount of hashing required to protect the network, and it may mean Bitcoin is not as cheap to use as we would like.


For all intents a purposes, energy and money are the same thing with regard to PoW.  This does not change my argument.

The current financial system uses an order of magnitude more energy,
I've seen this argument many times, but never were there any numbers to back it up.


I've seen numbers to back them up, but I'm not going to go looking for them. Why should I?  I've never seen any credible logic to say that PoS is necessary.

but so what?  It's that very resource cost that makes a 51% attack not worth the effort.  If there is leverage employed int hte proof system, that same leverage can be used against the ssytem.  There is no way to avoid this possibility except to not employ leverage.
Mining is just a signal to synchronize transactions. As long as the power to signal is in the hands of those with the most incentive not to abuse it it should work. I see no justification for a conservation law saying the signal must be the waste of resources.

You believe it should work, and I believe that you believe that.  However, I don't believe that, and furthermore I don't believe it's necessary in any case.  You guys are making recommendations for changes that could undermine or destroy bitcoin.  If you really want to try it, do it on an alt-coin.  I want to see evidence that it's superior to bitcoin before I would even consider joining your efforts to alter bitcoin itself.

Quote

That said you have made some valid points about practical issues that will need to be ironed out.

Well, thank you for that, but I don't believe that you can iron them out, because your intentions to reduce resource consumption is what introduces the need for persistant forms of trust/authority that can be used by attackers to harm the system.  Sure, in most cases you would have the security of a PoW system at a fraction of the cost, but there are cases that will always exist that permit an attacker a much privilaged attack position, simply by identifying and compromising the right node with a 'trusted' status.  There is no way around this issue that PoW doesn't also do just as well for the same cost.
donator
Activity: 2058
Merit: 1054
your pet issue with it is that it requires energy to work.
There's nothing special about energy. PoW requires money to work. Someone needs to pay for the amount of hashing required to protect the network, and it may mean Bitcoin is not as cheap to use as we would like.

And even that is only if we can find a technical way to collect this money - the way things are looking, due to tragedy of the commons on the part of both users and miners, this will be quite difficult once the coinbase is out of the picture.

The current financial system uses an order of magnitude more energy,
I've seen this argument many times, but never were there any numbers to back it up.

but so what?  It's that very resource cost that makes a 51% attack not worth the effort.  If there is leverage employed int hte proof system, that same leverage can be used against the ssytem.  There is no way to avoid this possibility except to not employ leverage.
Mining is just a signal to synchronize transactions. As long as the power to signal is in the hands of those with the most incentive not to abuse it it should work. I see no justification for a conservation law saying the signal must be the waste of resources.


That said you have made some valid points about practical issues that will need to be ironed out.
legendary
Activity: 1708
Merit: 1010
I was wondering how long it would take before someone decided to mock all this 'Proof of X" bs.
With all due respect, proof of stake is a real solution to a real problem. (Which I have discussed at length elsewhere.)

I have no idea what some implementation attempts have made, I'm talking about designs such as those suggested by cunicula and me.

I've read your's and Cunicula's work on Proof of Stake.  It's not a solution to anything.  It's a security hazard.  As I've mentioned in those threads many times, and which tends to be ignored, is that PoS creates nodes with special 'trusted' status based on a prior proof of stake.  This moves the greatest of security risks from that of a 51% brute force attack in the case of PoW, to whatever security models are being used by the most trusted nodes.  Thus, the security of the blockchain is dependent upon the security of several different groups, any one of which could have a security flaw in their own systems that permits an attacker to gain access to their node, and thus turn a trusted node (with much PoS to be had) into a malicious node in an instant.  Furthermore, such trusted nodes cannot be audited for their own security by others.  PoW does not have such a problem, as it never elevates particular nodes into any form of trusted status, regardless of their past history.

While PoS has a long history in meatspace, it has nearly zero useful application in cyberspace.  Bitcoin's security model does not depend upon the security models of others.
1. The system is somewhat resilient against malicious stakeholders. You'd need to compromise a majority of voting coins to even think about an attack, and even then your power is limited. The existence of many different stakeholders is an advantage.

Somewhat resilient, in theory.  You make the assumption that compromising a majority of stakeholders would be difficult, but you cannot know if that is true.  I know exactly how difficult it is to defeat PoW, at any given point in time.  Knowledge of the issue is, in it's own way, a form of security.

Quote
2. The stakeholders have no shortage of ways to secure their voting rights, such as multi-signature transactions. That would make them much harder to compromise.


Harder, perhaps.  Impossible, no.  Impossible for a third party cryptocurrency user to audit that difficulty, yes.  What if Bitcoin were to use PoS?  How would, say, the US federal government go about attacking or undermining the system?  I can think of several methods that a well helled and well organized group, such as a soverign government who doesn't like Bitcoin, or a group like Anonymous, might be able to employ to take over the blockchain that could not be employed against PoW, period.  PoW is a simple & elegant solution, your pet issue with it is that it requires energy to work.  The current financial system uses an order of magnitude more energy, but so what?  It's that very resource cost that makes a 51% attack not worth the effort.  If there is leverage employed int hte proof system, that same leverage can be used against the ssytem.  There is no way to avoid this possibility except to not employ leverage.

Quote
3. Hashing is done on computers too, which can also be hacked. You might argue that a hashrate attack requires sustained control of the machines, but I think the same can be said about probabilistic proof of stake.

This isn't relevant.  Compromising a pool does not imply that said pool can do more than it already could, and is very likley to signal to the pool users to move to another pool.  While a PoS 'pool' retains the advantage simply by possession of the correct keypairs.  If I were to compromise your PoS miner, and take your keypairs, I might simply choose to wait to attack. i can wait for as long as you remain unaware that your keys have been compromised, and attack at will using your keys as well as those stolen from other major miners.  When the attack comes, it would be swift and without warning.  Another reason that the PoW system is not related to the account system.

Quote
Put differently, PoW definitely elevates particular nodes to trusted status - those that are in control of large hashrate.

Nonsense, because Trust in this context is persistant.  PoW has no persistant condition.  PoS most certainly does.  The leverage that such persistant trust modes present the trusted users with also presents an attack vector.
donator
Activity: 2058
Merit: 1054
I was wondering how long it would take before someone decided to mock all this 'Proof of X" bs.
With all due respect, proof of stake is a real solution to a real problem. (Which I have discussed at length elsewhere.)

I have no idea what some implementation attempts have made, I'm talking about designs such as those suggested by cunicula and me.

I've read your's and Cunicula's work on Proof of Stake.  It's not a solution to anything.  It's a security hazard.  As I've mentioned in those threads many times, and which tends to be ignored, is that PoS creates nodes with special 'trusted' status based on a prior proof of stake.  This moves the greatest of security risks from that of a 51% brute force attack in the case of PoW, to whatever security models are being used by the most trusted nodes.  Thus, the security of the blockchain is dependent upon the security of several different groups, any one of which could have a security flaw in their own systems that permits an attacker to gain access to their node, and thus turn a trusted node (with much PoS to be had) into a malicious node in an instant.  Furthermore, such trusted nodes cannot be audited for their own security by others.  PoW does not have such a problem, as it never elevates particular nodes into any form of trusted status, regardless of their past history.

While PoS has a long history in meatspace, it has nearly zero useful application in cyberspace.  Bitcoin's security model does not depend upon the security models of others.
1. The system is somewhat resilient against malicious stakeholders. You'd need to compromise a majority of voting coins to even think about an attack, and even then your power is limited. The existence of many different stakeholders is an advantage.

2. The stakeholders have no shortage of ways to secure their voting rights, such as multi-signature transactions. That would make them much harder to compromise.

3. Hashing is done on computers too, which can also be hacked. You might argue that a hashrate attack requires sustained control of the machines, but I think the same can be said about probabilistic proof of stake.

Put differently, PoW definitely elevates particular nodes to trusted status - those that are in control of large hashrate.
legendary
Activity: 1708
Merit: 1010
I was wondering how long it would take before someone decided to mock all this 'Proof of X" bs.
With all due respect, proof of stake is a real solution to a real problem. (Which I have discussed at length elsewhere.)

I have no idea what some implementation attempts have made, I'm talking about designs such as those suggested by cunicula and me.

I've read your's and Cunicula's work on Proof of Stake.  It's not a solution to anything.  It's a security hazard.  As I've mentioned in those threads many times, and which tends to be ignored, is that PoS creates nodes with special 'trusted' status based on a prior proof of stake.  This moves the greatest of security risks from that of a 51% brute force attack in the case of PoW, to whatever security models are being used by the most trusted nodes.  Thus, the security of the blockchain is dependent upon the security of several different groups, any one of which could have a security flaw in their own systems that permits an attacker to gain access to their node, and thus turn a trusted node (with much PoS to be had) into a malicious node in an instant.  Furthermore, such trusted nodes cannot be audited for their own security by others.  PoW does not have such a problem, as it never elevates particular nodes into any form of trusted status, regardless of their past history.

While PoS has a long history in meatspace, it has nearly zero useful application in cyberspace.  Bitcoin's security model does not depend upon the security models of others.
donator
Activity: 2058
Merit: 1054
I was wondering how long it would take before someone decided to mock all this 'Proof of X" bs.
With all due respect, proof of stake is a real solution to a real problem. (Which I have discussed at length elsewhere.)

I have no idea what some implementation attempts have made, I'm talking about designs such as those suggested by cunicula and me.

It's also the only one that has a theoretical history that extends back to the 1990's.
Proof of stake has a practical history that extends back to the industrial revolution, or to ancient Greece, depending on interpretation. What's your point?
legendary
Activity: 2128
Merit: 1073
Disregard this, I am writing up an even better proposal called Proof of Metaproof.
Can you distill it until it is 190-proof or at least 151-proof?
legendary
Activity: 1708
Merit: 1010
I've got a novel one, that I think I'll call 'Proof of Work'.  Of course, it's not really new, and happens to be the only one that has any kind of track record.  It's also the only one that has a theoretical history that extends back to the 1990's.  But I'm sure all these other 'Proof of Whatever' methods will work just as well!
legendary
Activity: 1708
Merit: 1010
I was wondering how long it would take before someone decided to mock all this 'Proof of X" bs.
legendary
Activity: 1064
Merit: 1001
Disregard this, I am writing up an even better proposal called Proof of Metaproof.
legendary
Activity: 1064
Merit: 1001
My proposal is formulated as a sane alternative to Proof of Spoof, and the less technically sound Proof of Goof.
donator
Activity: 2058
Merit: 1054
So blocks can only be generated by providing novel proofs to Millennium Prize Problems? I'm all for it.
legendary
Activity: 1064
Merit: 1001
What do you think?
Pages:
Jump to: