Topic: Proposal: Decoupling mining profit and control over the transactions (Read 980 times)

I never said , I would design the whole thing for you from scratch.  

Owning a fixed number of coins would be 1 requirement.

But the rules for how the MN work need to be fixed & uniformed thru out.

You decide what other requirements a MN would have to meet to satisfy your design goals.  

I am old and its nap time.

Later,
 

You are right. Most researchers and developers are looking to build their own system, rathern than reaching the holy grail by fruitfuil collaboration.

Based on what criteria do you intend to elect the Masternodes?


Of course, a stakeholder might try to completely dominate the chain by building as many blocks as possible, thereby increasing the general block difficulty, in order to prevent other stakeholders from creating blocks and thus receiving interests. Even though this would allow the stakeholder to increase his relative stake nominally, it is doubtful if he could make a real profit out of it. By making the PoW blocks more difficult and reaping the majority of the interests, the attacker would make the currency lose its appeal and thus its value.

I am a newcomer, but have some understanding and therefore am in positive support for the idea of leveling the field in the interest of fairness and preserving the ideals of bitcoin. A comments:

It seems this idea was discussed or proposed at least twice before by separate individuals, mentioned in this thread.

Instead of greeting the idea with "I thought of it first" or "I'm way ahead of you"... why aren't people inviting each other for collaboration? These ideas were brought up as early as 2012 and no whitepaper completed, never mind implementation. Perhaps pool resources for a quicker attempt at a solution instead of competing for first place?

Re: Proposal: Decoupling mining profit and control over the transactions


Hmm,
I'll take a Stab,

PoW or PoS generate the block without transaction data,

Blocks are then passed to a Masternode system,

Masternode injects the transactions into the block and certify the block be allowed into the block chain,

All Transactions are included in the block by the timestamp of their creation, 1st come 1st served .
There is no jumping ahead by paying higher fees. Fixed Fee.

If any Masternode attempts to add the transactions out of sequence that block is refused and that masternode blacklisted for a period of time.

100% of the block reward goes to the miner or staker,

While 100% of the transaction fees go to the Masternodes (Split between all Active).

Once the coin reaches no block rewards, then 50% of the transaction fees are split between the two.

Miners or Stakers are the engine that moves the chain , while the masternodes control the transactions with a fixed rule system.

Without the miners / stakers , there would be no new block,
Without the Masternodes, new blocks would be without transactions and not be allowed to enter the chain.


 

Thank you for the link. I wasn't aware of the two schemes mentioned in the wiki. You're of course ahead of me and I'm not even trying to compete with you. I'm just sharing my ramblings about potential cryptocurrency designs with the world. 

I'm not sure if you're referring to the fact that I wrote "The block hash difficulty is the same for everyone.". By this statement, I mean that (in contrast to the schemes described above) every miner that wants to build a block at the same point of time will need to find a hash with the same difficulty. On the other hand, the general difficulty of the block hashes can change over time and thus be adapted by a difficulty factor in order to regulate the block creation rate.

You are talking about central mining and control over the block chain while you forgetting a simple fact.
No one is limited in doing the mining process, actually you can start mining right now with a huge farm but what stops people from doing so is because then difficulty will increase and price is not ideal for now.

alkan, you may want to compare your ideas to cunicula's from 2012:

https://en.bitcoin.it/wiki/Proof_of_Stake#Key_difference_between_the_two_proposals

Sorry I have no free time to follow this discussion, as I am very busy writing a 27,000+ words page whitepaper for and then implementing a solution. You aren't even dealing with scaling yet in your design thought process. I am 2 years ahead of you.

It appears to be possible to decouple mining profits and control without making use of a multiple block chain architecture.
In fact, one could use a very simple scheme like this:

1) Transactions are recorded in a normal PoW blockchain. The block hash difficulty is the same for everyone.
2) With each created block, every stakeholder of the currency (not only the current block builder) is paid a fixed rate interest on his stake provided that he created (at least) one out of the last n PoW blocks of the chain.
3) n = 10*sqrt(total_coin_supply/stake)

The more stake you have, the more often you have to mine blocks in order to receive the interest on your stake.
However, by taking the square root of the ratio, the mining power required for the interest is lower than proportional to one's stake in the currency.
To be eligible for the interest on the long run, a stakeholder with a 10% stake will thus need to build like every 32th block of the chain, whereas a 20% stakeholder needs to build every 22th block. As there is no incentive to build more blocks than required, even a 50% stakeholder will only build like every 14th block.

I've indeed found a flaw in my assumption that an attacker would need 51% of the hash rate and 51% of the total burnt coins (or any equivalent combination of the two) to take over control. With the proposed design, you have to outnumber the creators of the last N blocks in order to be elected more than 50% of the times to build the second chain. To achieve that, you must possess more mining power (as a function of hash rate and burnt amount) than the lower 50% of the block creators, which is obviously less than 50% of the total mining power.

However, I think that the problem can be easily solved by using an alternating election rule for the minter of the second chain: For odd blocks we can use the described method, whereas the minters of even blocks are elected in proportion to the number of blocks they have built within the last N last blocks.  

With such a rule, you could prevent that an attacker with only 51% of the sybils or only 51% of the mining power could control the chain.

Agreed. But the question is what costs and risks an attacker would incur by trying to take over the currency, and for what benefit.
In contrast to PoS, you cannot just buy and short the required stake since you actually have to burn it (or alternatively have a hash rate that is orders-of-magnitude higher than that of the rest).

If implemented correctly, a rational miners wouldn't get all the power over the transactions even if he had >50% of the mining power since the only way to achieve that is highly unprofitable. Of course, an irrational attacker with more than 50% of the mining power could attack the coin.

It's important to differentiate between the centralization of control of the global ledger consensus (which is tackled by my design) and how the consensus can be attacked.
These are two different pair of shoes.

You are assuming that the incentive for mining blocks on the first chain outweighs the incentive of Sybil attacking the accounts used to select who will be able to create blocks with transactions.

But there is nothing stopping any one from doing both. The Sybil attack is free. To the extent you try to make the Sybil attack not free, you again reintroduce the economies-of-scale of resources and fall right back into the winner-take-all power vacuum.

You'll end up spinning your wheels on endless mistakes like this. I sat on my couch for months finding flaws in all my thought experiments.

It's hard because the mining difficulty depends on the amount you have burnt with the account that you use for mining blocks. As the number of coins you own and that you are willing to burn is limited, it doesn't make sense to split them between multiple accounts for burning them.

What is hard? Make new wallet? Takes 1min to restart the client. And if i have negative things by using the same Pubkey, than its more motivation to
invest 1min to create new privkey and to sign new pubkey with new privkey. I can make this houndert-thousend times on an boring weekend for the future...


Your idea make only work for dev and normal miner and the miner, which you have target, can dance around you.

That's not the case. But my description was a bit unclear, I'm afraid (I have changed it now). The hamming distance is not measured against the blocks you have created but against the hash of the account that you used for creating them. The miners have to sign their blocks of the first chain with their public key so that each block can be related to a specific account. We can then use that key to calculate the distance as follows:

hamming_dist(h(h(latest_block)), h(public_key))

Therefore, it doesn't matter how many blocks you have mined, provided that you mined them with the same account.
As it's much harder to mine blocks with multiple accounts, the miners are likely to use the same account for mining.

That seems to be incorrect. The more blocks you have, the better your random chance of having the least Hamming distance.

Sounds like what I was talking about in July:

https://bitcointalksearch.org/topic/an-idea-for-a-bitcoin-scaling-alternative-to-ln-1550027

One of the main issues of Bitcoin and other cryptocurrencies is their tendence to centralize so that mining might eventually be concentrated in the hands of few or even a single entity. Such a priviledged minority not only gets hold of the majority of the mining rewards but ends up "securing" the block chain since mining profit and control over the transactions go hand in hand.

Is it possible to design a cryptocurrency that effectively decouples this seemingly inevitable connection?

In order to be able to curtail the supremacy of the powerful minority over the block chain, the system first needs to recognize the oligarch(s) as such. This seems impossible at first sight since the same person or economic entity can create and use as many addresses (accounts) as she likes and spread the hashing power (PoW) or stake (PoS) between multiple accounts at will. Thus the same entity can act under several identies.

The core idea of my proposal is to disincentivize such behavior by making it economically unattractive. To that end, I will describe two different models, one with PoW and one without.

Model 1 (PoW)

Model 1 is based on PoW. In contrast to Bitcoin and in addition its general block difficulty parameter, there is also an individual parameter for block hashes, tied to every account. The individual hash difficulty depends on the number of coins that the account in question has burnt in the past (using a specific coin burn transaction). The higher the burnt amount, the higher the threshold for the block hashes, and the easier it is for the owner to find valid blocks.

It is obvious that in such a setting, a rational miner wouldn't burn his coins from multiple accounts as the difficulty wouldn't be reduced by the same extent. So, there is a strong incentive to use only one single account for burning and mining. Burning coins can also be seen as an equivalent to investing in mining hardware. The difficulty function and its dependence on the burnt amount must be chosen carefully in order to ensure a Nash equilibrium between mining and burning. Moreover, in order to prevent that early coin burners gain an uncatchable advantage, the burnt coins will decay over time just like mining hardware eventually gets outdated.

Now, using this system alone for the block chain wouldn't prevent centralization, but rather uncover it (for the most part) since the entities are strongly disincentivized from using multiple accounts. In order to decentralize the control over block creation (and the transactions), we need to go a step further and make use of a second block chain for the transactions. Thus the first block chain would be "empty" as such and used to determine the minters of the transaction block chain. The election is done in a way that distributes the power more evenly between the miners of the first chain.

To achieve this, we give the minting priviledge to the account whose hash has the lowest hamming distance to the hash of the hash of the latest block (in the first chain). Hence, the probability of becoming the next minter doesn't depend on the number of blocks that the account has mined in the first chain. Instead, every miner with at least one valid block has the same chance to mint the block. Though to limit the power of early adopters and to prevent permanent nobilities, the minters shouldn't be selected from the entire block chain, but only from its N latest blocks.

On the other hand, a minting reward is paid out to every creator of the N latest blocks, proportionally to his relative number of the blocks in the set. Minting power and minting reward are thus decoupled. As already mentioned, the coins burnt by the rewarded minters decay as a function of the received rewards, so that they have to keep burning coins if they want to preserve their difficulty level. As more and more coins will be burnt over time, we cannot restrict ourselves to paying out the transaction fees as minting rewards, otherwise we would have a deflating currency. Therefore, minting rewards must also include fiat money that compensates for the burnt coins.

To take over the second blocks chain (and the transactions), an attacker needs to mine coins with multiple accounts and outnumber the honest block creators of the N latest blocks. For such an attack, one would need to have 51 % of the hash rate and 51 % of the total burnt coins (or any equivalent combination of the two). Apart from the possibility of double-spending, the attacker would make a loss since his burnt coins (spread over multiple accounts) are of little economic value.


Model 2 (no PoW)

Model 2 uses a TaPoS variant instead of PoW for the first block chain, while it still relies on burnt coins to regulate individual difficulty (which is key to decouple power from wealth).  

To be valid, a block must satisfy the following conditions:

1) The transactions included in the block must have a reference to a block that is part of the current block chain (so transactions cannot be included in multiple blocks/chain forks).

2) The block must contain a minimum number of total coin-days-destroyed coming from the included transactions. The threshold depends on a general difficulty factor and an indivual difficulty level as a function of the amount of (non-decayed coins) burnt by the miner.

3) The transaction with the most coin-days-destroyed must be a transaction issued by the miner. (This condition is a replacement for the PoW in Model 1 and ensures that mining requires an effort.)

4) The block must include h(r), i.e. the hash of a random number chosen by the miner.

The nodes use the longest chain rule to select the new block chain. If two block chains consist of the same number of blocks, the nodes select the one they received first.
Please note that while these blocks include transactions, the described block chain isn't used to achieve consensus on transaction order. This is done in a second block chain, just like in Model 1.

The minters of the second block chain are selected by a secure decentralized random number generator protocol as used in Slasher. A pre-defined number of k miners of the first chain who submitted the random values r[i-k...i] (i being the index of the current block) have to reveal their numbers in a second round. Failing to participate is punished by the decay of all the coins burnt by the account (this rule is needed to prevent any manipulation of the outcome). Once the values are revealed, their sum is hashed and measured against the hashes of the accounts who mined the N latest blocks. The account with the lowest hamming distance is elected to mint the next block of the second block chain which contains all the transactions.

Mining rewards and the decay of the burnt coins are the same as in Model 1.

Any thoughts and insights with regard to these models are highly appreciated.