Topic: Satoshi didn't solve the Byzantine generals problem - page 6. (Read 13675 times)

Byzantine agreement is the process of forming a consensus decision on truth in the face of faulty network participants; bitcoin achieves this. Your definition of fault is incorrect in this context; a fault is information which the majority doesn't accept as truth, which manifest themselves as orphaned branches in bitcoin. Obviously all observers of the network can see orphaned branches.

I followed the link and saw "I was very clear upthread." Could you show more respect to the readers and replace https://bitcointalksearch.org/topic/m.13777769 with the direct link to a post that contains more information? For example, a post that contains the proof (or its beginning if it's scattered among several posts) would be a better option.

I will elaborate/reinforce on your point below...


What is the value of a system that must become an oligarchy? I have better things to do with life than waste it building a copy of the Federal Reserve that is global and puts all our transactions in the clear text on the block chain.


smooth and monsterer continue to repeat over and over the claim that Satoshi's PoW design is Byzantine fault tolerant in the case that some % of the hashrate is not "faulty" (and they've proposed 33% to 51%, or even 25% in a special case of official selfish mining).

I have explained in the prior post that there is no % at which Satoshi's PoW design is not economically driven to centralize due to "selfish mining" (official and the Tragedy of the Commons case I explained).

ArticMine also pointed out in my Decentralization thread another Tragedy of the Commons  in Satoshi's PoW that is economically driven to centralization because block size can't be controlled algorithmically thus it will either be driven to a fixed size set by 51% control over mining (with infinite transaction fees a possibility due to centralized control) or to infinite block size with zero transaction fees but the latter of course will bankrupt mining so only the former can be the outcome. I then argued/showed that Monero's proposed algorithmic block size scaling feature has a mathematical flaw, thus I argued/showed it doesn't solve the issue.

I believe my contemplated decentralized UNprofitable PoW design (with intra-block partitioning and centralized verification) fixes the above problems with Satoshi's PoW design, but I need to work on it more to become more confident/certain there isn't an unacceptable flaw/tradeoff.


I am explaining to smooth and monsterer that Satoshi's PoW design has no asymptotic security because it must economically centralize. David Mazières a PhD Computer Science professor at Stanford who is the Chief Scientist at Stellar, co-authored Kademlia DHT (Distributed Hash Transform), and is an expert in this field of Byzantine fault tolerant decentralized/distributed systems has explained that Bitcoin doesn't have asymptotic security (and he argues that is because the hashrate is in control and thus there is no conclusive objectivity in the system and the entire block chain can be erased and replaced by a longer chain that comes along any time in the future).

I don't really buy into the argument that the entire block chain can be replaced; because I believe the community will create social checkpoints.

Rather my upthread argument is that Byzantine fault tolerance requires the ability to distinguish between a fault and a non-fault, because otherwise the system does not present the same symptoms to all observers (which is a requirement of Byzantine fault tolerance). Satoshi's PoW can't distinguish a fault (attack) from a non-fault (non-attack).

smooth and monsterer retort that it doesn't matter and the system is non-faulty up to some % of the hashrate being non-faulty. But again we can't detect faulty from non-faulty, so we don't know if the system is faulty or non-faulty. And I have further shown there is no % at which the system is stable and will maintain non-faulty (because trend is to centralization) indefinitely.

Whereas, all other solutions to the Byzantine fault tolerance must have an element of centralization in order to be able to distinguish faults from non-faults.

This is why I said I focused my design on including some centralization but controlling it via UNprofitable decentralization of PoW from payers. Whereas, Satoshi's PoW design lies and claims decentralization and fault tolerance, but instead has asymptotic centralization and Sybil attacked truth (because no one can prove the faults distinct from the non-faults).

Thus Satoshi's PoW is a winner take all design, not a stable Byzantine fault tolerant design which can tell us when it is limits have become faulty.

The undetectable Sybil attack on pools combined with the economic incentive to pool more hashrate to amortize verification costs and lose less hashrate on mining fewer orphans, is another example of how Satoshi's PoW design is not Byzantine fault tolerant  because observers can't all observe the same symptoms w.r.t. to faulty or non-faulty progression of the system.

I explained upthread the Tragedy of the Commons (not just in the quote above) that the miner with more hashrate wins more of the blocks thus has a greater income yet all miners have to do the same verification (of all transactions). Thus, (and most certainly egregious as the transaction rate scales to Visa scale and block rewards decline to 0 with transaction fees declining to costs in a non-oligarchy free market), the miners possessing greater hashrate will have a much higher profit (regardless whether their mining hardware is more efficient or their electricity is less expensive) because their transaction verification costs are amortized across all their income. Thus Bitcoin is always reducing miners with lower hashrate's relative capital (to purchase more hashrate) relative to those with higher hashrate (all other factors held constant, which is the same stipulation that must be made in the case of the selfish mining attack).

The official selfish mining attack applies when the attacker has 33% of the hashrate (or 25% with better propagation) is one where block solutions are withheld while the attack remains 1 block ahead of the rest of the network and then propagated immediately if the network catches up, thus mathematically/statistically forcing the rest of the network to waste some of their mining hashrate relative to the selfish miner (and do note all miners waste some hashrate due to the natural orphan rate caused by the ratio of propagation to block period but selfish mining is to the advantage of the selfish miner).

So when I wrote that the inequality between block mining income and verification costs (a.k.a. amortization of verification costs Tragedy of the Commons) is another form of "selfish mining", I mean in the sense that miners with more hashrate cause those with less hashrate to be less profitable, which thus drives centralization of mining because less profitable miners can buy less hashrate relative to more profitable miners. And note there is no minimum requirement for 25% or 33% of the hashrate, as this economic attack is implicit in PoW mining. And thus just like selfish mining it will cause mining to trend towards centralized until an oligarchy can form which agrees to share (centralize) verification costs and not selfish mine each other (because the official selfish mining can be a stalemate loss for both if they both have > 25% of the mining hashrate, thus they are forced to form an oligarchy or fight to the end in a "winner take all").

For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack (but not the amortization of verification costs centralizing economics problem). But I think later I found a flaw with convergence of consensus but I forget and that detail is some where in my vaporcoin thread (in a discusssion between monsterer and myself).

Edit: one might claim that the ratio of disparity in profit is equivalent to the ratio of the hashrate and ratio of amortized verification costs (since income is proportional to hashrate if variance is not considered), thus proportional hashrate would remain unchanged and thus my claim of trending to centralization would be invalid in this case of amortized verification costs. However that would only be true if the profitability was proportional to the relative hashrate without any verification costs, which is not true due to ASIC, electrical, and other efficiencies. These other efficiencies are the fundamental issue. Then add the variance and propagation cost (wasted hashrate mining an orphan for those with lower hashrate) issues and thus pools with greater hashrate have a disproportionate profitability relative to proportional verification costs.

Also note that verification costs are constant for any hashrate, thus is a larger proportion of income given lower hashrate.

I sincerely appreciate your efforts; I sincerely wish you the best.  I don't think you can do it (but that's almost certainly due to my shortcomings) but please do try; nothing would make me happier than to see you succeed.  If there's anything I can do to help then please do not hesitate to ask me and I will try my best.  For example, I would be delighted to review your white paper when it is ready.

The details, incentives, and potential pitfalls are deeper than that and are partially covered in the Decentralization thread (perhaps start reading from page 20 forward). No offense intended, but I am too weary to repeat again.

Hmm, I can be dense.  Unprofitable PoW; seems like it will be pretty hard to get folks to participate.  That said, I do run an unprofitable full node without mining.  So, maybe we would get some altruistic folks to do it *but* aren't they at risk of being over-taken by bad guys willing to run unprofitably?

Of course no PoW proving algorithm (of any design) can be as efficient on less optimized consumer hardware and retail electricity (10 - 20 cents per KWH) as compared to highly optimized ASIC mining farms on 0 - 4 cents per KWH electricity (hydropower colocated or China's collectivized corruption). Even distributing ASICs to consumers won't level the playing field and not only because of differences in electricity costs, yet also due to economies-of-scale, access to lower interest loans, better connectivity to the major pools of the P2P announcement network, amortization of block chain verification over great income, etc..

Profitable PoW will always centralize, because there is a "selfish mining" attack always ongoing and there is no such thing as a minimum requirement for 25 or 33% of the hashrate, because (a conceptual variant of) "selfish mining" is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

That is why I designed an UNprofitable PoW system. There is no other hope.

Edit: the reason I am interested in narrowing the margin between PoW prover computation on consumer hardware and mining farms, is because in an UNprofitable mining design then the aforementioned ratio dictates from the ratio of UNprofitable hashrate to profitable hashrate determines how high that block reward can be and not be profitable to any miner. Obviously a coinbase reward of 0 is always UNprofitable (unless transaction fees are considered which is another detail I covered in the Decentralization thread).