Pages:
Author

Topic: Satoshi didn't solve the Byzantine generals problem - page 8. (Read 13700 times)

legendary
Activity: 1008
Merit: 1007
Not really, those are just evidence of latency. If a majority of the CPU power is conspiring to attack the system and all non-cospirator blocks are orphaned then no one will mine outside the conspiracy and there will be no such orphans (there may still be forks within the conspiracy if they still have latency).

The system will have failed, but it will have failed because it exceeded stated limits.

I should have written 'fault' instead of failure. Nonetheless, byzantine faults can arise due to latency, or a malicious node - I wasn't describing an attack scenario specifically, just defining how the byzantine consensus applies to bitcoin.
sr. member
Activity: 420
Merit: 262
"Correctly functioning components of a Byzantine fault tolerant system will be able to provide the system's service, assuming there are not too many faulty components."

In Bitcoin "too many faulty components" = majority of the CPU power.

We can't count the components because identities can be Sybil attacked.

But more saliently since I know your retort would be that hashrate is the count, you seem to be going in circles because you ignore what I already wrote:

In bitcoin, BGP is solved to within the stated tolerance of 51% byzantine faulty nodes.

Satoshi's PoW does not distinguish between faulty and non-faulty nodes.

You guys are like a dog chasing its tail.
legendary
Activity: 2968
Merit: 1198
Nodes vote with their hash-power on the branch of the chain which they consider to be truth.

Only correctly functioning nodes do that.

Quote
Evidence of byzantine failures is the existence of multiple branches; we call these orphans. Each branch presents a different version of truth to observers of the system.

Not really, those are just evidence of latency. If a majority of the CPU power is conspiring to attack the system and all non-cospirator blocks are orphaned then no one will mine outside the conspiracy and there will be no such orphans (there may still be forks within the conspiracy if they still have latency).

The system will have failed, but it will have failed because it exceeded stated limits.

 

legendary
Activity: 1008
Merit: 1007
monsterer and smooth, I repeat again, how do you prove if a 51% attack is censoring transactions? In other words, how do you even detect it in an objective and provable manner?

A system which doesn't objectively (from the perspective of all observers) know when it is failing is not Byzantine fault tolerant.

Refer again to the Wikipedia definitions:

The following practical, concise definitions are helpful in understanding Byzantine fault tolerance:[3][4]

Byzantine fault
    Any fault presenting different symptoms to different observers
Byzantine failure
    The loss of a system service due to a Byzantine fault in systems that require consensus

This circular logic of yours is getting redundant. I have made my point and you have not refuted it.

Bitcoin employs an amortized byzantine consensus. Nodes vote with their hash-power on the branch of the chain which they consider to be truth. Evidence of byzantine failures is the existence of multiple branches; we call these orphans. Each branch presents a different version of truth to observers of the system.
legendary
Activity: 2968
Merit: 1198
"Correctly functioning components of a Byzantine fault tolerant system will be able to provide the system's service, assuming there are not too many faulty components."

In Bitcoin "too many faulty components" = majority of the CPU power.

sr. member
Activity: 420
Merit: 262
monsterer and smooth, I repeat again, how do you prove if a 51% attack is censoring transactions? In other words, how do you even detect it in an objective and provable manner?

A system which doesn't objectively (from the perspective of all observers) know when it is failing is not Byzantine fault tolerant.

Refer again to the Wikipedia definitions:

The following practical, concise definitions are helpful in understanding Byzantine fault tolerance:[3][4]

Byzantine fault
    Any fault presenting different symptoms to different observers
Byzantine failure
    The loss of a system service due to a Byzantine fault in systems that require consensus

This circular logic of yours is getting redundant. I have made my point and you have not refuted it.
legendary
Activity: 2968
Merit: 1198
Quote
There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

True, but there are other "attacks". Such as calling up Chinese miners and convince them to do a certain thing.

This only works because Chinese miners have a majority of the CPU power. Otherwise you call them up all you want, but would accomplish nothing. You might as well call someone with an old USB miner stick.
legendary
Activity: 2968
Merit: 1198
So if the LCR is creating censored transactions is that not a fault/failure? What the hell use of Byzantine fault tolerance if it doesn't guarantee a system that can be used by the participants?

There are no censored transactions unless a majority of the CPU power* is conspiring to attack the system.

Bitcoin has a threshold of hostile CPU power that it can tolerate. Below that threshold, it works, above that threshold, it fails.

* selfish mining, etc.
legendary
Activity: 1008
Merit: 1007
So if the LCR is creating censored transactions is that not a fault/failure? What the hell use of Byzantine fault tolerance if it doesn't guarantee a system that can be used by the participants?

Only a 51% attack can censor transactions 100%, any less will just delay them as the honest majority of miners will include transactions which the dishonest minority has censored. Again, this all is within the bounds of the tolerance of the protocol.
hero member
Activity: 709
Merit: 503
This is an immensely valuable topic to understand as deeply and completely as possible.  It would be good to refrain from using any offensive language -- it is possible and often common to misunderstand other points of view.  Let's get the papers written and distributed for the community to evaluate.  If the ideas are sound then hopefully they will be embraced.  If they are not then hopefully they can made be made sound or abandoned accordingly.

Membership: I stood up a full node (non-mining) without any registration with a central authority.  I trusted the software (weak on my part personally but do have at least one person I do personally know very well (my son) building from sources) and the technique it uses to find the "real" Bitcoin network.  I do compare my full node state from time to time with the "public" state as reported at Blockchain.info et al -- although I have become complacent over time.  I feel confident so far but understand that this might bite me in the future.

An ASCI-resistant PoW does seem valuable to me.  Is memory latency the right barrier to stand upon for the ages?  For example, is http://community.hpe.com/t5/Behind-the-scenes-Labs/The-Machine-HP-Labs-launches-a-bold-new-research-initiative-to/ba-p/6793690#.VreSn2b2aUk relevant?  Doesn't cache size eventually eliminate the memory latency issue?  Perhaps the problem size (not just difficulty) can be increased as blocks come in faster and faster?
sr. member
Activity: 420
Merit: 262
Go ahead. Find a way to put me down. I dare you all!

Fuck I am tired of this forum.
sr. member
Activity: 420
Merit: 262
Satoshi's PoW does not distinguish between faulty and non-faulty nodes.

In bitcoin, faulty nodes = sybil nodes.

A byzantine fault in bitcoin is a fork.

Quote
So we can conclude Bitcoin didn't solve BGP because there is no block chain objectivity about faults. And then we can say that Sybil attacks on pools destroy one of our subjective metrics for community appraisal of Consistency.

A poor conclusion. LCR provides the objectivity; branches which get orphaned were objectively selected against as being byzantine faulty.

So if the LCR is creating censored transactions is that not a fault/failure? What the hell use of Byzantine fault tolerance if it doesn't guarantee a system that can be used by the participants?

The following practical, concise definitions are helpful in understanding Byzantine fault tolerance:[3][4]

Byzantine fault
    Any fault presenting different symptoms to different observers
Byzantine failure
    The loss of a system service due to a Byzantine fault in systems that require consensus

Loss of Access is a failure. CAP theorem applies.
legendary
Activity: 1008
Merit: 1007
Satoshi's PoW does not distinguish between faulty and non-faulty nodes.

In bitcoin, faulty nodes = sybil nodes.

A byzantine fault in bitcoin is a fork.

Quote
So we can conclude Bitcoin didn't solve BGP because there is no block chain objectivity about faults. And then we can say that Sybil attacks on pools destroy one of our subjective metrics for community appraisal of Consistency.

A poor conclusion. LCR provides the objectivity; branches which get orphaned were objectively selected against as being byzantine faulty.
sr. member
Activity: 420
Merit: 262
Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

The Byzantine Generals problem does not state "A majority of CPU power" as the problem. I already stated that is Satoshi's requirement but as the correct title of this thread points out, Satoshi's stated requirement is not a solution to the Byzantine Generals problem. Period.

Okay, but so what?

Bitcoin also didn't solve P ?= NP or any number of other problems.

And unless I'm mistaken, Satoshi did not say that it did solve the Byzantine Generals problem, especially in the specific manner that problem is formulated (with discrete General-actors, something that doesn't even exist in Bitcoin at all). At best there is a rough similarity. Correction: Satoshi did say it was a solution in this email. But again, he formulated in a very careful manner, stating that each general has a laptop, which ends up making "majority of CPU power" equivalent to a majority of discrete General-actors.

He said exactly what it does solve. If a majority of the CPU power is not conspiring to attack the network, then it reaches consensus that is final and secure (though slowly in the case close to 50%).

It is up you as a prospective user or investor to decide whether "a majority of the CPU power" is an acceptable requirement. It seems at this point there isn't anything better, and some number of people think it is useful (most of the world does not).

Because as I explained to monsterer in the prior post, Satoshi's design is ambiguous about Byzantine faults such as censoring transactions and thus it does not solve the BGP.

And because I assert there are other ways to organize a PoW block chain design so that some of those faults can be objectively identified and reacted to (e.g. the fault of censoring transactions). The fact that in Satoshi's design these faults can't even be objectively identified (and the Sybil attack on pools is another one that destroys any objectivity), then there is no recourse other than for the system to centralize and fail. Pool centralization is increasing despite the move away from pools that had too much hashrate (and the linked data doesn't even account for the Sybil attack we can't see).
sr. member
Activity: 420
Merit: 262
BGP is not solved if there is Sybil attack vulnerability.

In bitcoin, BGP is solved to within the stated tolerance of 51% byzantine faulty nodes.

Satoshi's PoW does not distinguish between faulty and non-faulty nodes.

The following is not "other attack" but rather it is a Byzantine fault (because the loyal participants can't be certain of Consistency by keeping the control of the hashrate below 51%).

There is no way to distinguish a 51% attack from a non-attack, e.g. for example censoring transactions, in a way that is provable with block chain data (i.e. to an offline node that comes online). One of the key innovations in my design, is it is possible for a payer to send his PoW share away from a "pool" (not example the same as pool in Bitcoin) that is provably (from that payer's individual perspective) responsible for censoring the transaction.

Since nothing about faults is provable from the block chain, then there is no provable Consistency (w.r.t. to what loyal nodes would consider a fault, e.g. censoring txns) and thus the BGP has not been solved.

We use community monitoring to estimate that we have Consistency, but this can't be proven objectively just from the block chain. We must correlate user experiences and other data points such as pool concentration.

A Sybil attack against the means by which loyal participants determine whether 51% control has been perhaps ceded to pools removes one of the key data points.

So we can conclude Bitcoin didn't solve BGP because there is no block chain objectivity about faults. And then we can say that Sybil attacks on pools destroy one of our subjective metrics for community appraisal of Consistency.
legendary
Activity: 1008
Merit: 1007
BGP is not solved if there is Sybil attack vulnerability.

In bitcoin, BGP is solved to within the stated tolerance of 51% byzantine faulty nodes.
sr. member
Activity: 420
Merit: 262
Yes, Bitcoin solves BGP (in some way)...

Quote
There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

True, but there are other "attacks". Such as calling up Chinese miners and convince them to do a certain thing.

Incorrect again.

BGP is not solved if there is Sybil attack vulnerability. The following is not "other attack" but rather it is a Byzantine fault (because the loyal participants can't be certain of Consistency by keeping the control of the hashrate below 51%). Since you have no way to know which pools are controlled by the same entity and thus which pools have the lowest VERIFICATION costs per block reward (which is very important once you scale Bitcoin to Visa scale), then you have no way to know where to send your PoW shares so as to prevent that Sybil attacker from leeching off of the other pools and driving them bankrupt thus centralizing all pools under one control but hidden by a Sybil attack. In other words, the system is GUARANTEED to become 51% attacked due to the economics and the fact that control can be hidden behind a Sybil attack.

I wrote that already upthread and you just don't read apparently.
sr. member
Activity: 420
Merit: 262
"Incorrect. It only proves some information existed at a certain block. There is no way to put a clock time in the block chain."

It seems you really haven't understood the most basic things. Blocks are of course timestamped with actual UTC timestamp from the node that generates it.

You do not understand basic issues.

A 51% attacker can put any time he wants in the block chain.

Honest nodes can sync to a global clock, but this is not guaranteed to be accurate unless an offline node can later prove that the chain was not generated by a 51% attack on the clock records. And of course there is no objective way to prove this, other than trusting the community. And so then you lose the objective, trustless quality.

This is fundamental and if you don't understand this, then you are not qualified as a block chain expert. Block chains are only objective relative to blocks. Period.

Sorry you lose again. And I know damn well the underhanded methods you are employing to try to discredit me and sorry you will lose.
member
Activity: 81
Merit: 10
TPTB, your style is not productive. I'm putting you on ignore, since you seem to have no intention in engaging in meaningful dialogue.

To answer this:

"Incorrect. It only proves some information existed at a certain block. There is no way to put a clock time in the block chain."

Blocks are of course timestamped with actual UTC timestamp from the node that generates it, and then validated by other nodes. Below is the code in the 0.0.1 version. The timestamp mechanism is the entire point of adjusting difficulty through time. Otherwise the PoW would be worthless. For more accuracy atomic clocks via NTP could be used. Without the timestamp nothing in Bitcoin works (that's the double-spend problem).

See also: http://szabo.best.vwh.net/distributed.html#Secure Time-stamping,
http://szabo.best.vwh.net/distributed.html#The Byzantine Generals Problem
http://web.archive.org/web/20090309175840/http://www.bitcoin.org/byzantine.html

where all this is explained in relation to BGP (more accurate would be the term logical broadcast).

Quote
The simple protocol of the bell tower, which broadcast to every resident of a medieval town the same time, can now be implemented on a network -- either through logical broadcast on the Internet or physical broadcast with radio. For the first time we can implement on the Internet the integrity properties on which civilization depends -- including synchronized clocks, unforgeable transactions, and censorship-proof publishing. Where today's Internet, lacking this technology, fails to provide many of these properties, we now know how to provide them with a greater degree of integrity and availability than either the Internet or any previous media was capable of.


https://github.com/benjyz/bitcoinArchive/blob/eabf96b83e7608bff0149dc1fbaee1dd844429c8/bitcoin0.1/src/main.cpp#L1163

Code:
   // Check timestamp
    if (nTime > GetAdjustedTime() + 2 * 60 * 60)
        return error("CheckBlock() : block timestamp too far in the future");

https://github.com/benjyz/bitcoinArchive/blob/eabf96b83e7608bff0149dc1fbaee1dd844429c8/bitcoin0.1/src/util.cpp#L320

Code:
//
// "Never go to sea with two chronometers; take one or three."
// Our three chronometers are:
//  - System clock
//  - Median of other server's clocks
//  - NTP servers
//
// note: NTP isn't implemented yet, so until then we just use the median
//  of other nodes clocks to correct ours.
//
sr. member
Activity: 420
Merit: 262
Yes, Bitcoin solves BGP (in some way). It solves also a bunch of other completely unknown problems:

* how to prove some information existed at a certain time

Incorrect. It only proves some information existed at a certain block. There is no way to put[objectively prove] a clock time in the block chain.

* how to create a public ledger of ownership

Incorrect. A longest-chain-rule (LCR) block chain records non-conflicting state transformations. That isn't limited to a ledger of ownership.

* how to issue a currency without requiring a nation state army to enforce scarcity

Incorrect. A block chain can distribute tokens. That doesn't guarantee anything about it becoming a currency and being immune to nation state armies. If not immune (i.e. not defensible against), then 'without' is incorrect. (it doesn't even guarantee the distribution won't be centralized by mining farms)

* how to reach agreement over a communications channel on value

Again you are pigeon-holing what a block chain does. Again a longest-chain-rule (LCR) block chain records non-conflicting state transformations.

E.g. last year there has been 1B$ investment in this area, and there been almost no progress at all in terms of advanced applications (just an increase in noise levels).

Thanks for ignoring my progress and thereby insinuating my sharing/progress has been noise.

I think the possibilities are largely not explored.

I appear to be reasonably skilled at distilling to the generative essence and I will assert that there isn't a large space of possible designs that will work to eliminate the centralization issue. Mine seems to be the only possible one.

Many also don't know the pre Bitcoin designs, Bitgold and b-money, which are also helpful to consider, see http://www.weidai.com/bmoney.txt and https://en.bitcoin.it/wiki/Bit_Gold_proposal . Actually quite surprising since satoshi said Bitcoin is an implementation of those ideas:

Quote from satoshi:
Quote
Bitcoin is an implementation of Wei Dai's b-money proposal http://weidai.com/bmoney.txt on Cypherpunks http://en.wikipedia.org/wiki/Cypherpunks in 1998 and Nick Szabo's Bitgold proposal http://unenumerated.blogspot.com/2005/12/bit-gold.html

https://bitcointalksearch.org/topic/m.4508

See also:
https://bitcointalksearch.org/topic/m.11405

Now that is noise or at least veering very far from a solution to the problem this thread raises.
Pages:
Jump to: