
Topic: Satoshi didn't solve the Byzantine generals problem - page 9. (Read 13683 times)

sr. member
Activity: 420
Merit: 262
...and another incentive structure must be developed to encourage decentralized p2p mining.

Switching to an ASIC resistant PoW coin doesn't solve this problem but merely delays the inevitable. As interest and hash power grows ASICs will be developed within time regardless.

I believe it is possible to design a memory hard PoW that is not electrically more efficient on an ASIC, but it will be very slow. I originally didn't think so, but have since realized I had a mistake in my 2013/4 research on memory hard hashes. It is possible that Cuckoo Hash already achieves this, but it is more difficult to be certain and it is very slow when DRAM economics are maximized (although it adds asymmetric validation which is important for DDoS rejection if the transaction signatures are ECC and not Winternitz and for verification when PoW share difficulty can't be high because each PoW trial is so slow).

Cryptonote's memory hard hash can't possibly be ASIC resistant, because by my computation it could not possibly have 100 hashes/second on Intel CPUs and be ASIC resistant.

See also Zcash's analysis thus far.

Correction follows.

It will be impossible to design a memory hard PoW that is not electrically more efficient on an ASIC, unless the hash function employed (for randomizing the read/writes over the memory space) is insignificant w.r.t. the RAM power consumption, which is probably not going to be the case in any design where that hash function has sufficient diffusion to be secure.

The only way to make an ASIC resistant PoW is for the proving computation to be memory latency bound, because DRAM latency can't be improved much in general (whereas hardwired arithmetic computation and memory bandwidth can be accelerated with custom hardware):

http://community.cadence.com/cadence_blogs_8/b/ii/archive/2011/11/17/arm-techcon-paper-why-dram-latency-is-getting-worse
http://www.chipestimate.com/techtalk.php?d=2011-11-22

However, what a GPU (which starts with 4 - 10X worse main memory latency than CPUs) and especially an ASIC will do to get better DRAM amortization (if not also lower electricity consumption due to less latency) is run dozens or hundreds of instances of the proving algorithm with the memory spaces interleaved such that the latencies are combined and amortized over all instances, so that the effective latency drops (because reading from the same memory bank of DRAM is latency free if multiple accesses within the same bank are combined into the same transaction). This can even be done in software as interleaved memory spaces without needing a custom memory controller. More exotic optimizations might have custom memory controllers and larger memory banks (note I am not an expert on this hardware issue). This is probably why Cryptonote also includes AES-NI instructions, because GPUs are only at best at parity in performance per watt on AES, but that won't be enough to stop ASICs.

However that optimization for ASICs will bump into memory bandwidth limit so the amortization will have a limit. Theoretically memory bandwidth can be increased with duplicated memory banks for reads but not for writes!

Using larger memory spaces in a properly designed memory hard PoW hash function (not Scrypt) can decrease the probability that instances will hit the same memory bank within a sufficiently small window of time necessary to reduce the latency. Also using wider hash functions (e.g. my Shazam at 2048 to 4096-bits) reduces the number of instances that can be interleaved in the same memory bank (and standard DRAM I think has bank/page size of 4KB?). The ASIC can respond by designing custom DRAM with larger memory banks and run more instances, but that not only raises the investment required but the memory bandwidth limit for writes seems to be an insurmountable upper bound.

So although I think a memory hard PoW hash can be made which is more ASIC resistant than current ones, I think it will be impossible to sustain parity in hashes/Watt and hashes/$hardware. Perhaps the best will be within 1 to 2 orders-of-magnitude on those.

So all profitably mined PoW coins (with sufficient market caps) are destined to be centralized into ASIC mining farms running on cheap or free electricity, but the scale and rate at which this happens can be drastically improved over SHA256 (Bitcoin, etc).

My design of unprofitably mined PoW will only require that the difficulty from the PoW shares sent with transactions is sufficient to make ASIC mining unprofitable for the level of block reward offered. Keeping the CPU implementation of the PoW prover within 1 to 2 orders-of-magnitude of an ASIC implementation reduces the level of such aforementioned difficulty needed.

I hope I didn't make another error in this corrected statement. It is late and I am rushing.
member
Activity: 81
Merit: 10
Yes, Bitcoin solves BGP (in some way). It solves also a bunch of other completely unknown problems:

* how to prove some information existed at a certain time
* how to create a public ledger of ownership
* how to issue a currency without requiring a nation state army to enforce scarcity
* how to reach agreement over a communications channel on value

BGP is a term Lamport came up with, to describe a certain theoretical model.

Quote
He may not have said it in the bitcoin paper, but others have proved it:
http://nakamotoinstitute.org/static/docs/anonymous-byzantine-consensus.pdf

Okay paper, but I wish they would have referenced Lamport and more relevant work on quorum systems. Bitcoin implements Lamport's partial order of events for the first time, yet it's not described here.

Quote
There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

True, but there are other "attacks". Such as calling up Chinese miners and convincing them to do a certain thing. The smaller that number and the more closely related, the worse the situation. I believe the best thing to do is to recognize the genius of this invention, but then think about how to do something better on that basis. One of the biggest problems is the complexity of the system, i.e. the large technical debt. E.g. last year there has been 1B$ investment in this area, and there has been almost no progress at all in terms of advanced applications (just an increase in noise levels). I think the possibilities are largely not explored. Mostly because the Bitcoin system is extremely complex and actually not that versatile compared to what might be possible. Most discussions take many design aspects for granted, when they might be a hindrance. The PoS systems have been very helpful thinking about these things in different ways. Many also don't know the pre Bitcoin designs, Bitgold and b-money, which are also helpful to consider, see http://www.weidai.com/bmoney.txt and https://en.bitcoin.it/wiki/Bit_Gold_proposal . Actually quite surprising since satoshi said Bitcoin is an implementation of those ideas:

Quote from satoshi:
Quote
Bitcoin is an implementation of Wei Dai's b-money proposal http://weidai.com/bmoney.txt on Cypherpunks http://en.wikipedia.org/wiki/Cypherpunks in 1998 and Nick Szabo's Bitgold proposal http://unenumerated.blogspot.com/2005/12/bit-gold.html

https://bitcointalksearch.org/topic/m.4508

See also:
https://bitcointalksearch.org/topic/m.11405
legendary
Activity: 1008
Merit: 1007
And unless I'm mistaken, Satoshi did not say that it did solve the Byzantine Generals problem, especially in the specific manner that problem is formulated (with discrete General-actors, something that doesn't even exist in Bitcoin at all). At best there is a rough similarity. Correction: Satoshi did say it was a solution in this email. But again, he formulated in a very careful manner, stating that each general has a laptop, which ends up making "majority of CPU power" equivalent to a majority of discrete General-actors.

He may not have said it in the bitcoin paper, but others have proved it:
http://nakamotoinstitute.org/static/docs/anonymous-byzantine-consensus.pdf
legendary
Activity: 2968
Merit: 1198
Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

The Byzantine Generals problem does not state "A majority of CPU power" as the problem. I already stated that is Satoshi's requirement but as the correct title of this thread points out, Satoshi's stated requirement is not a solution to the Byzantine Generals problem. Period.

Okay, but so what?

Bitcoin also didn't solve P ?= NP or any number of other problems.

And unless I'm mistaken, Satoshi did not say that it did solve the Byzantine Generals problem, especially in the specific manner that problem is formulated (with discrete General-actors, something that doesn't even exist in Bitcoin at all). At best there is a rough similarity. Correction: Satoshi did say it was a solution in this email. But again, he formulated in a very careful manner, stating that each general has a laptop, which ends up making "majority of CPU power" equivalent to a majority of discrete General-actors.

He said exactly what it does solve. If a majority of the CPU power is not conspiring to attack the network, then it reaches consensus that is final and secure (though slowly in the case close to 50%).

It is up to you as a prospective user or investor to decide whether "a majority of the CPU power" is an acceptable requirement. It seems at this point there isn't anything better, and some number of people think it is useful (most of the world does not).
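Added example (not part of any post in this thread): the attacker catch-up calculation from section 11 of the Bitcoin whitepaper, showing how the confirmation depth needed for a fixed risk grows as the attacker's hash-rate share q approaches 50%. The function names and the log-space Poisson evaluation are choices made here, not code from the whitepaper or from any poster.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the hash rate
    ever catches up from z blocks behind (Bitcoin whitepaper, section 11)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of total hash rate")
    if z < 0:
        raise ValueError("z must be a non-negative number of blocks")
    if q >= 0.5 or z == 0:
        # With a majority, or with no lead to overcome, catch-up is certain.
        return 1.0
    if q == 0.0:
        return 0.0

    p = 1.0 - q                 # honest share
    ratio = q / p               # per-block catch-up factor (gambler's ruin)
    lam = z * ratio             # expected attacker progress while z blocks are mined
    log_lam = math.log(lam)

    prob = 1.0
    for k in range(z + 1):
        # Poisson(k; lam) evaluated in log space so large z does not overflow.
        log_poisson = -lam + k * log_lam - math.lgamma(k + 1)
        prob -= math.exp(log_poisson) * (1.0 - ratio ** (z - k))
    return max(prob, 0.0)


def confirmations_needed(q: float, risk: float = 0.001, max_z: int = 100_000) -> int:
    """Smallest z for which the catch-up probability drops below `risk`."""
    if q >= 0.5:
        raise ValueError("no confirmation depth bounds an attacker with >= 50%")
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    raise ValueError("risk target not reached within max_z confirmations")


if __name__ == "__main__":
    # Attacker shares used in the whitepaper's own table.
    for q in (0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.40, 0.45):
        print(f"q={q:.2f}  confirmations for P<0.1%: {confirmations_needed(q)}")
```

The depth grows from single digits at q=0.10 to hundreds of blocks at q=0.45, and the function returns 1.0 for any q at or above 0.5, which is the precondition the posters are arguing about.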
legendary
Activity: 1008
Merit: 1007
Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.

I've been guilty of making this same mistake myself in the past, but byzantine faulty nodes can be colluding (or sybil), so the failure tolerance of 51% includes sybil nodes.
sr. member
Activity: 420
Merit: 262
Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

The Byzantine Generals problem does not state "A majority of CPU power" as the problem. I already stated that is Satoshi's requirement but as the correct title of this thread points out, Satoshi's stated requirement is not a solution to the Byzantine Generals problem. Period.

One of the attack vectors in solving the Byzantine Generals is the Sybil attack. The Byzantine Generals problem is all about the need to trust that 2/3 of the generals are loyal without centralization where all generals are the same person, i.e. that there is no Sybil attack.

Anyone who has studied all the variants of consensus algorithms (as I have) will know clearly that Sybil attacks are always resolved via centralization of the protocol.

This is why as I looked for an improvement over all of what has already been tried, I was cognizant of that I would need to accept centralization in some aspect and so I began to look for the possibility of controlling centralization with decentralization, i.e. a separation of orthogonal concerns which is often how paradigm shifts arise to solve intractable design challenges.

Every consensus design creates centralization. This will always be unavoidable due to the CAP theorem. The key in my mind is to select carefully where that centralization should be.

  • Satoshi's PoW consensus design centralizes because a) SHA256 has orders-of-magnitude lower electrical cost on ASICs, b) full nodes must centralize (maximize pooled hashrate) to win the battle over who will have the most profitable verification costs (which can be accomplished with a Sybil attack), and c) variance of block rewards requires maximizing pooled hashrate (at least up to double-digit percentages and Sybil attack incentives kick in from there).
  • Stellar's SCP consensus design centralizes because although it can't diverge, it requires that slices are not Sybil attacked to avoid eternal preemption (being jammed stuck forever).
  • Ripple's consensus algorithm diverges unless it is centralized trust, as confirmed by Stellar's divergence before it switched to the SCP algorithm.
  • Iota's (any DAG's) consensus diverges unless centralization can force the mathematical model that payers and recipients encode in their interaction with the system.
  • Ethereum never solved the issue that verification of long running scripts can't be decentralized. They are now off on another dead-end tangent (consensus-by-betting, Casper, shards) trying to deny the CAP theorem.
  • PoS is centralization.

Extracting the generative essence of an issue is what I do. That is where I have made my career in the past and will do so again.
legendary
Activity: 2968
Merit: 1198
Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

This does not mean that Bitcoin will be a great success and moon to $10 million/BTC, or even that it will survive at all more than another year or two, or anything in between. It is possible to conclude that the consensus algorithm does exactly what Satoshi said it does (putting aside possible selfish mining attacks), and still conclude that such a security margin is too weak to be useful, because of all of the ways the precondition itself can fail (pooling, of course, can contribute to some of them).


sr. member
Activity: 420
Merit: 262

First let us realize that the weakness of those approaches is they must use some centralization to prevent Sybil attacks:

you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.

The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

Even if we remove the economics which drives hashrate to concentrate into mining farms such as my suggestion to make mining unprofitable (and an ASIC resistant PoW protocol such as a memory hard hash would help improve the ratio of PoW shares from the marginal mines which are the payers required to make mining unprofitable for the lowest-cost miners which are the mining farms), we still have the problem that if payers are not full nodes and thus have to choose another server to do verification and select transactions for each block, the Sybil attack problem remains in that one can't know if many servers are owned/controlled by the same entity. And in fact, I have shown that verification MUST due to economics be centralized because those full nodes which have higher hashrate (even if hidden behind a Sybil attack from the public's perspective) thus earn more block reward and/or transaction fees per verification than those who control less hashrate, thus pools/full nodes are forced to be centralized (and hide it from the public with a Sybil attack because we all are delusional and expect Satoshi's design to remain decentralized when it can't).

But let's consider what damage the Sybil attack on full nodes can do, and how it can be detected and mitigated. In Satoshi's design, the Sybil attacking full node has lower costs for verification (and maybe can also potentially do a selfish mining attack but that isn't required to make my point) and thus will eventually drive the other full nodes bankrupt as a result. Thus Satoshi's design centralizes because of the inviolable and insoluble economic reality.

The other bad things centralization can do is censor some transactions and execute long-con double-spend attacks.

The solution is to centralize only the verification, but keep the control of the PoW computation decentralized, and make it such that the blame for censoring transactions and long-con double-spending is not ambiguous as it is in Satoshi's design.

That is exactly what my design accomplishes, while also enabling instant transactions that are sound. White paper and implementation forthcoming.
legendary
Activity: 2968
Merit: 1198
you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.

The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

sr. member
Activity: 420
Merit: 262
you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.
legendary
Activity: 1008
Merit: 1007
you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.
sr. member
Activity: 420
Merit: 262
...and another incentive structure must be developed to encourage decentralized p2p mining.

Switching to an ASIC resistant PoW coin doesn't solve this problem but merely delays the inevitable. As interest and hash power grows ASICs will be developed within time regardless.

I believe it is possible to design a memory hard PoW that is not electrically more efficient on an ASIC, but it will be very slow. I originally didn't think so, but have since realized I had a mistake in my 2013/4 research on memory hard hashes. It is possible that Cuckoo Hash already achieves this, but it is more difficult to be certain and it is very slow when DRAM economics are maximized (although it adds asymmetric validation which is important for DDoS rejection if the transaction signatures are ECC and not Winternitz and for verification when PoW share difficulty can't be high because each PoW trial is so slow).

Cryptonote's memory hard hash can't possibly be ASIC resistant, because by my computation it could not possibly have 100 hashes/second on Intel CPUs and be ASIC resistant.


See also Zcash's analysis thus far.
sr. member
Activity: 420
Merit: 262
you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.
sr. member
Activity: 420
Merit: 262
With PoS/PoI/DPoS a sybil attack can come without any notice and with potentially much cheaper costs. (No, an attacker need not have to "buy" coins to attack. They can create an exchange/bank that pays interest/dividends to corner a good chunk of coins, 5-30% needed depending upon the algo, or they can create a popular wallet with a backdoor, or they can compromise several large bagholders' computers, or a few large holders could short and attack their own coin, etc.)

These are social engineering attacks, of course. I guess the equivalent in POW would be to 'borrow' someone's server farm.

Some of it does involve social engineering, yes. The distinction between PoW and PoS/PoI/DPoS is that several of these attack vectors cannot be accomplished with PoW. With PoW all you can do is steal the account holders' coins with a mtgox, ponzi scheme, or when a large bagholder is compromised. With PoS you can also attack the network and steal other people's coins as well. Additionally, a compromised wallet cannot attack the network with a 51% attack with PoW as in PoS.

I suppose one could social engineer their way into Ant-pool's mine and covertly reflash the firmware on all the miners. This attack would be much more difficult to do because large farms have multiple engineers who look over things and they have to constantly check their equipment and have large incentives to keep on top of everything because of razor thin profit margins.

It is no surprise that many PoS coins use checkpoints to add another security layer which is essentially centralization by a few developers' approval. Checkpoints don't prevent these attacks, just narrow the window of attack which is absolutely no problem. Developers like Vitalik have studied these security weaknesses long and hard and despite desperately wanting to use some form of TaPoS for security still have not found an acceptable solution to mitigate these threats.

[...]

I have added the above quote to my epic post about all the flaws in PoS.
legendary
Activity: 1008
Merit: 1007
I'm just going to leave this here for reference purposes:

Quote
Anonymous Byzantine Consensus from Moderately-Hard Puzzles: A Model for Bitcoin

http://nakamotoinstitute.org/static/docs/anonymous-byzantine-consensus.pdf
legendary
Activity: 2968
Merit: 1198
By making pools appear smaller they encourage independent miners to (continue to) send hash rate there. Thus the evil pool operator doesn't need to buy the hash rate himself, he's tricking miners into letting him use it.

True. I suppose creating a fake pool for a long con is equivalent to creating a fake exchange to gather POS coins with which to vote... With the exception that the fake pool will be at capacity for the attack, whereas the exchange voting with stake is much harder to detect, and is passive.

Agree, and not just a single fake exchange either. There could be all manner of corrupt platforms and investment schemes that exist, at least in part, to collect stake. In fact the market forces kind of dictate this, since such platforms and vehicles can likely pay higher yields than honest ones. Furthermore they are paying those yields in units where they, alone, with privileged knowledge of their future plans, have good visibility as to underlying value. Not really so different from the fiat banking system in a lot of ways.
legendary
Activity: 2968
Merit: 1198
Even if KnC/Bitfury/etc. were >50% and dishonest, the socioeconomic majority can flee their corrupted PoW by forking to something besides SHA256.

Not clear that isn't just a treadmill though. If SHA256 became corrupted then given the same structure something else might very well become corrupted too.

Various arguments could be made about difference in absolute time, relative ASIC-resistance of the function, etc. but I'm not sure how compelling they are.

legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.

You can't use Bitcoin itself as an example of Byzantine consensus in an effort to justify its own existence. That page is moving the goal posts all around and adding a bunch of new variables that aren't even in the original problem. All that page is doing is saying, Bitcoin works, therefore, the solution Bitcoin used is the answer. Circular reasoning.


Battle of the century of r0ach vs smooth regarding this issue. They call him "smooth" because it's like talking to Bill Clinton. You tell me who won:

<@smooth> The BGP as usually stated has a concept of identity ("Generals") which is specifically not part of the problem definition in Bitcoin (which is what makes it sybil resistant). Bitcoin doesn't care
I made the argument that byzantine generals is a ridiculous ivory tower example with too many open ended variables and the only real problem is sybil prevention
<@smooth> yes and for the millionth time bitcoin is totally sybil resistant
<@smooth> because identity doesn't matter
it's not sybil resistant, all pools can be owned by the same guy
<@smooth> pools are not actors in bitcoin. hash rate is
<@smooth> hash rate can't be sybil attacked, it is a physical property
hash rate doesn't decide vote, it's delegated proof of work (bitcoin), only the pool owner does
what hash does is irrelevant
you're letting satoshi decide what you can criticize or not
instead of using your own logic
to figure it out
because the model that exists is nothing like the PDF
<@smooth> well if you are criticizing bitcoin, you are criticizing something he defined
<@smooth> if you want to redefine it, and then criticize that, that's perfectly valid science, just make a specific definition first
bitcoin does not function in the way his PDF describes at all, so when you cite satoshi, it's pretty much meaningless in that context
<@smooth> I disagree
<@smooth> the only portion that does not apply is the convergence proof
<@smooth> but that is because of hash rate concentration, not because of pools
<@smooth> even with pools (and I'll admit this is not a precise argument), if 50% of hash rate is honest, pools can't do anything because the hash rate will quickly flee a dishonest pool
<@smooth> Note this is not true if KnC Bitfury etc. is not honest, because their hash rate can't flee
<@smooth> even 1 cpu 1 vote is actually true still
<@smooth> again, cpus are a physical entity, can't be sybiled
it doesn't matter what the hell the cpus are doing since you're going through a 2nd layer of abstraction known as delegation (pool)
and the 2nd layer takes precedence over the 1st
<@smooth> i would argue the opposite
<@smooth> the 1st takes precedence over the 2nd, because as I said, you pull your hash rate
yes, i can pull my hash rate AFTER the attack has occurred
that's fault recovery, not fault tolerance
this is known as the long con, I'm sure you've heard of it

Even if KnC/Bitfury/etc. were >50% and dishonest, the socioeconomic majority can flee their corrupted PoW by forking to something besides SHA256.

So smooth won, but for a reason not explained.
legendary
Activity: 1008
Merit: 1007
By making pools appear smaller they encourage independent miners to (continue to) send hash rate there. Thus the evil pool operator doesn't need to buy the hash rate himself, he's tricking miners into letting him use it.

True. I suppose creating a fake pool for a long con is equivalent to creating a fake exchange to gather POS coins with which to vote... With the exception that the fake pool will be at capacity for the attack, whereas the exchange voting with stake is much harder to detect, and is passive.