Topic: rpietila Altcoin Observer - page 231. (Read 387556 times)

You should try both XCP and NXT AE to see the difference in speed. XCP developers also had an issue with the Bitcoin developers after the latter changed something in the Bitcoin protocol which prevented XCP developers from doing some features or somehow limited their options, not sure about the details, but the point is, any DEX riding on top of Bitcoin network will always depend on good will of Bitcoin developers, and that doesn't inspire confidence in investors' minds. Oh, and did I mention that order execution is slow?

Bitcoin does only one function.
XCP does another function.

NXT does both of those + 2 more, and adding a few more in the nearest future.

And before XCP, was MSC.

superresistant, why are you still arguing that NXT has the only working dex ? And sometime you call it the first one that ever existed... Which is wrong too.

What about counterparty.  It's had a DEx for a while.  Since before nxt I think.

There is an initiative to screen companies listing their stock at NXT AE, sort of rating agency, so hopefully soon investors will have a way to assess what's decent and what's an obvious scam. Actually you don't need a rating agency for that in many cases, as some of the listings are really stupid or asking for too much money, and can be filtered out without further checks. But if someone professionally does that for NXT investors, that's even better, and it'll happen soon. Probably more than one rating services will function, as they also can be biased and must compete with each other. No competition = monopoly = bad results.

We must remember it's all bleeding-edge technology, there has never been anything like that before in the universe, thus, mistakes will be made, but if NXT is a really good idea, it will recover from the mistakes. We shall find out soon enough.

I think Asset Exchanges as part of client or ecosystem are overvalued.
Look at Cryptostocks, Havelock and MPEX. There are only (99,99%)
scams, mining "group buys"/projects, outright stupid ideas/proposals and projects/companies with inadequate team & strategy/plan listed. No real solid company/project.

Where should valuable companies come from that list at NXT EA?

So much this:

Nxt put the technique before the marketing. It has advantages and drawbacks.

To sum things :

Nxt is not massively covered by media while Ethereum is.
Nxt has the only working and active decentralized asset exchange while Ehereum doesn't exist.

There is over 150 assets on Nxt asset exchange and the equivalent of 5500 BTC volume the last 30 days. That's 120000 USD per day. On the other hand, not many people know about it.
There is over 150 youtube videos about Ethereum with beautiful promises and ideas but no exchange ever seen.

@superresistant

Then certainly NXT is not doing a good job of marketing it as such. Isn't all that what Ethereum wants to bring to the table? The big difference would be PoW in Ethereum I think.

Well you can't be perfect. You said it, you never looked at it because of your pride and prejudice.
If people don't take time to look at something different and understand it, it's their time, their problem.
We don't have infinite time so we tend to focus on things that appear interesting and reject the rest.


I found that Nxt is the most mind blowing cryptocurrency mainly because it is radically different.
It make you rethink what is a crypto and because of this, early Bitcoin adopters cannot deal with it.
With Bitcoin, people mainly use it as an Internet currency and existing business add it as a payment.
Nxt is a market in itself. It create radically new businesses.
It's like having a business in-the-cloud hosted by a decentralized network that has also a currency.
The Nxt currency is not the main feature here, the most important is the ability to create assets that cannot be taken down and that you can access and trade anywhere in the world.

Well for starters total bitcoin days destroyed is something whose supply isn't limited in a very useful way. 

The problem with bitcoin days destroyed as a measure of chain priority is that If you are making an attack chain, and you want your coins to earn more credit for that chain than they do in the one you're trying to displace, you just have to make sure that all the coins you control are spent in the last block of the attack chain.  You can spend them (to another address you control) in every block before that, too, if you feel like it, but it won't matter; they'll just start accumulating more bitcoin days to destroy at the new address.   The total bitcoin days destroyed represented by the coins you control is just the product of the time from the start of the attack chain to the moment the coins get spent *LAST*.   

Similarly, you want to avoid presenting the opportunity for an attacker to combine priority from coins owned by him (or by anyone who'd give him access to their old "now-useless" keys for coins that are spent in the real chain) at different times into priority for purposes of a single attack. 

What I'm trying to produce is a situation in which the attacker cannot make any coins count more priority for the attack chain than they do for the legitimate chain.  Therefore it mustn't matter at what block height he spends the coins he controls, nor whether he re-spends subsequent outputs created by those spends, etc, up to the last block.  So it really isn't the same as bitcoin-days destroyed. 

A spend of a coin in a given block chain can be read as an irrevocable event that guarantees the owner of the coin accepted that block chain as legitimate at the time. 

Because new txOuts created after the fork can be created at will (out of old txouts) in an attack chain, there's no point in counting them. 

Because any coins created after the fork will be controlled by the attacker in the attack chain, you actively screw yourself over if you count spends of them for chain goodness.

Because replaying transactions in a new chain should not allow the attacker to add priority to a bogus chain, each transaction record would have to be extended to contain a block hash, just to make sure that it counts as support for the chain it's in, and not as misplaced or replayed support for some other chain.  This means that clients would have to commit replacement transactions after a reorg, instead of just taking transactions back to the memory pool to find a place in the new chain. 

Because any conflicting transactions between the two forks are either replacement transactions (so it doesn't matter which chain they're accepted in) or controlled by the attacker (so you don't want to give him any control over which chain they're accepted in), there's no point in counting them for chain goodness.   Otherwise the attacker could use a spend in one chain only to add priority to the side of a fork he wants to 'win' because it contains a double spend of some other coin.  This is especially true of conflicting transactions attempting to spend intersecting but nonidentical sets of tXouts.  If a 10000- coin transaction in one chain conflicts because of a single common txIn with a 1-coin transaction in the other chain, you count neither tx. 

Because the attacker can generate more 'bitcoin days destroyed' with the same coins in the attack chain by just putting the spends of them into later blocks, you put tools into the hands of the attacker if you count them.  They're nice for calculating the priority of individual transactions where there's no conflict to resolve, but not so nice for calculating the priority of the blockchains. 

Ultimately, the only 'finite resource' I've come up with so far that is finite in the way we want it to be, is the TxOuts that exist at the fork point.  Whichever chain has had more of those coins spent in it is the chain created by the majority of the stake that existed at that time. 

The only way the attacker can use his 'stake' to generate more priority for the attack chain than for the main chain, under that measure, is to spend his coins in the attack chain while keeping them unspent in the main chain.  And if he does that, then the attacker cannot be executing a double spend.

Whatever 'old keys' the attacker may be able to get from others will be keys to TxOuts that they have already spent; by using them to create fake spends in the attack chain, he cannot (must not be able to) add any more priority to the attack chain than the genuine spends add to the main chain. 


Well, my point is that if we're serious about proof-of-stake, "doing the work" means doing transactions that prove your stake supported a particular chain.  In a Proof-of-stake universe that, and not hashing, is what keeps the chain secure.  And by paying 'interest' on coins transacted in a chain, we would be paying exactly the people who did the work to secure the chain.   


"Decreasing security in some other way" seems quite likely, unfortunately.   While I'm reasonably confident in the above as a general measure  of chain goodness that isn't vulnerable to the nothing-at-stake issue, I don't know if it can really function as the *only* measure of chain goodness.  I haven't provided for any real control over who gets to build the next block and when.  And if the attacker can find any way to control that - building N blocks in a row at a time of his own choosing - he is quite likely to find a new way to mount an attack. 

In all, no, this measure of chain goodness isn't a solution to the whole problem.  As I said at the outset it's still awfully sensitive to large transactions. It's an important part of a solution but it isn't a solution of itself.

SPV clients shouldn't have trouble unless trying to resolve a very deep fork -- and that's the same circumstance where they have trouble now.  They'd be doing an algebra problem instead of checking hashes - but it wouldn't be more difficult.

I don't know of an alt-coin that is using anything really like this measure of chain goodness.  It's a worthwhile thing to try but I still feel like it's "not ready for prime time" until it provides a better way to determine who gets a chance to form each  next block.

When I finish working out its kinks it'll probably be one of my 'Cryptocurrency 101' blog posts.  But I don't consider it to be quite unkinked just yet.   

Interesting post as usual, Cryddit.

I have no qualms with the energy spent on PoW, and I see rewarding new coins to those who do work as the ideal distribution mechanism.  But I am interested in theoretical discussions about how the cost and difficulty of an attack can be increased, especially in the distant future when the mining subsidy is largely over.  

How is your idea that different from calculating the best chain using the equation:

   chain goodness = C₁ x total_work + C₂ x total_bitcoin_days_destroyed

Are you increasing security in one area by decreasing it in another? Could SPV clients could work with either technique?  Does some alt-coin already do something like this?

Are you sure there was a case like this in NXT history? Because if there was not one, as far as I understand N@S is not applicable @NXT..

I don't pay much attention to what you write because I don't have the time - so it was an honest question.
It is good that this dialogue is being done and I am not biased in favor of NXT although I was one of the early adopters.

Trust me, I would prefer to be 10000% sure that NXT is indeed robust and I prefer people who bring up possible vulnerabilities rather than shills.

That said I could try and find a good bounty for you if you help find a decentralised solution to N@S...

I don't think so. Most people wouldn't even notice. Heck, most people already think Bitcoin is dead from the FUD they read/heard/watched on the Mt. Gox going under event and when you tell them it's only one exchange that went bankrupt, they stare in amazement. Most people are clueless about crypto currencies or generally money matters.

PoW is a disaster waiting to happen. Some coins with diversified algos like Myriadcoin may take longer, some may take less time to crash. Proof-of-Stake is the only long-term sustainable answer, extendable to counter attack the deflationary pressure through the Monetary System, and not prone to kill switch attacks.

I'm referring to the govt actually killing a coin (even Bitcoin), if it deems it's a threat to the USD.

The USD is what makes thing happen on the planet. Almost all global debt (from country to country and the IMF), is USD-denominated. This is the mechanism for enforcing global slavery.

If something were to rival or threaten the USD, measures would be taken to control that threat. Precious metals are manipulated to that end and they have marketcaps 1000x of BTC. If I were the US government, I'd want a Bitcoin killswitch. If it'd cost me 100mn USD to buy ASIC farms capable of 51%, that'd be a very small price to pay to continue my multi-trillion-USD dominance.

Of course pulling the switch would also show desparation and people would then move to real money (PMs) - in which case the spike could be uncontrollable even with market manipulation. So instead of that, they use the FUD mechanism against bitcoin through the news, making people fearful or uncertain about it.



It's not the same because tx fees give something back. So yes, they are paying for electricity but they also get paid the tx fees as a reward. Even if its slightly or moderately negative, it won't be a large cost because the mining equilibrium will have pushed out the normal miners (=they don't mine at a loss, so...) making mining tx fees more viable for someone harvesting them + securing the network for their own safety (dual benefit).

I think I've come up with a way to make PoS - at least potentially - work as a good solution to the Byzantine Generals problem.  It's still kind of shaky in terms of practical applicability because it's sensitive to when large transactions are made - but if transactions are reasonably 'steady' the math works against an attacker.

With Nakamoto's Proof-of-Work solution, we keep track of the difficulty solved at each block, and from that, when we evaluate two chains to see if one should displace the other we can work out how much hashing work went into each chain.   That amounts to the irrevocable consumption of a resource in finite supply, with the result that we can be certain that the hashing was not expended on both of two chains. 

The crucial point is that a resource in finite supply can be shown to have been irrevocably consumed.  Well, the point at which a TxOut gets spent or transferred is also irrevocable. 

The first 'serious' proposal for proof-of-stake essentially said, we can keep track of the amount spent in a version of the block chain, and treat that as the measure that a 'superior' chain has to beat, in the same way that a 'superior' chain in proof-of-work has to have generated more hashing. 

The problem with that idea is 'nothing-at-stake.'  A TxOut can be spent in both chains, and therefore the priority generated by its expenditure can be counted in favor of both chains.    When you're talking about multiple chains each with its own 'consensus reality' you're no longer talking about the irrevocable expenditure of a finite resource. 

But my opinion is that you can make it finite if you are careful about exactly what you compare. 

The set of TxOuts at the last block that two chains have in common is identical.   That is a finite resource whose expenditure can  be measured when you're comparing two divergent chains.   It may not be the only one, but it is one.  So, when you compare two candidate chains, you should be counting the expenditure of that set of TxOuts, and counting it only once for both chains.  You could count nothing for any coin spent in both chains and full-points for anything spent only in one, and compare the priority on that basis.   Expenditures of the set of TxOuts created after the chain's divergence cannot be counted;  they're already counted when you count (or refuse to count due to conflict) the expenditures that have gone to make them. 

That rule is all about resolving which potential blockchain gets to displace the other; it says nothing about how blocks are formed in the first place.  In fact you could go on forming blocks by proof-of-work, but instead of paying a large coinbase to the hasher, you could pay a very small coinbase to the hasher and distribute most of the coins as 'interest' on the txouts spent in that block.   

The efficiency argument for proof-of-stake would work fine with that structure.  With Bitcoin's blocks worth a little over $17K right now, and ALL of that awarded for proof-of-work, people are spending up to $17K per block on generating proof-of-work; custom ASICS are old news, now there are multimillion dollar 'hash farms' with their own power plants are getting built.   But if, instead, the hasher were getting, say, $10 for forming a block, people would not be spending more than $10 for enough electricity to get a block regardless of how much bitcoin were being created/distributed per block in Proof-of-Stake or 'interest' payments.   

The whitepaper describing Bitcoin Cooperative Proof-of-Stake (CPoS) is here.

Essentially, CPoS has a single nomadic mint agent that periodically moves its state from one full node to the next. The single mint canonically timestamps each directly received new transaction and broadcasts an acknowledgement to the network. There is a thus a single blockchain appended to by the mint's slaved bitcoind instance, and the remaining full nodes replicate their own version of the blockchain to verify the mint agent's behavior.

In what way is CPoS tethered to external objective reality?  I can only see a tether to the subjective reality of the current and past stake holders.


Do you mean make orphans impossible?  I think the only way orphans can be eliminated is if all the blocks are correct.  And the only way all the blocks can be assumed to be correct is if the participants are assumed to be honest.  But if the participants are honest, you don't need PoW or PoS: you just trust by default.   

You could also say, "OK, let's allow orphans, but only a certain way back."  But if you do this, then you need checkpoints.  And if you use checkpoints, who decides what checkpoints to use?

So I don't think such a system can be Byzantine robust. 


I would suggest starting with this thread:

https://bitcointalksearch.org/topic/m.6751334

CPoS has plenty of physical grounding in its timestamping.  Anyhow, the obvious solution is to disallow rollbacks.  Doesn't really matter how you get there.  

Anyhow, I should read more about PoS before I make myself look even more foolish than I usually do.

Perhaps I am not following.  Pruning isn't at all like a checkpoint.  Can you explain in more detail what you mean?

Satoshi describes how blockchain pruning works in Section 7 of the original white paper.  Transactions are hashed into a Merkle tree, allowing for blockchain pruning without breaking the block's hash.  It is actually quite mind-blowing how this works.  Take a look: https://bitcoin.org/bitcoin.pdf