
Topic: This message was too old and has been purged - page 10. (Read 12669 times)

hero member
Activity: 588
Merit: 503
Free Julian Assange
February 24, 2016, 09:35:52 AM
#31
In my opinion EK should make one, and only one rock-solid unbreakable commitment at this point.  And that is that anybody who has contributed BTC so far can have their money back right now, no questions asked, and that this offer will remain in place until we can come up with a clear, coherent statement of what it is we are proposing to do.

Well, first my short opinion on this.
I find it really hard to plan mid to long term when people can request charge backs of their "donations" arbitrarily.
All contributions should be final, non-refundable and at the disposition of the coin's developers.
Donating should always be coherent with trust in the coin's future and in the development in general.

However, in this case I understand that it would be fair to allow a withdrawal from the project for a limited time.
I have therefore created a charge back function which can be found here: http://elastic.pro/chargeback.html.
Until February, Friday 26th 2016 3:00pm GMT people can just request their donation back ... no questions asked.
I have chosen this time because we have to start planning mid-term now. And only if we have the BTC "for sure" we can do that.

Here is how you operate the charge back function, exemplarily, using Electrum:



REGARDING THE TERMS

I suggest leaving the terms of the crowdfunding process untouched.
The moment the charge back function closes, block 400000 will already have passed: so a later re-entrance will inevitably lead to less ELC/BTC.
I think this is required to both avoid strategic withdrawals and a disadvantage of current supporters who maybe made their decision based upon the assumption that the reward will drop from block 400000 on-wards.




Thank you for your honesty and consistency, my investment will not be withdrawn.

Since you've taken action, this project has gained value, not the reverse.

I'm not a coder, so my help in this initial step is ZERO, but I hope in the near future to be able to help in marketing.

legendary
Activity: 1260
Merit: 1168
February 24, 2016, 08:13:45 AM
#30
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
February 24, 2016, 06:53:13 AM
#29
This message was too old and has been purged
newbie
Activity: 56
Merit: 0
February 24, 2016, 06:36:10 AM
#28
The entire point in this coin is user supplied PoW. You're saying that at this point you want to randomly make up a new coin to create?

I don't necessarily want to.  At this point I think we may have to, unless you by chance have any ideas as to how we slay the FAA dragon?

At this point I think my vision of the project is that our goal is to build a distributed market for computer resources, which uses secure protocols to guarantee that sellers get paid, buyers get correct results, and nobody gets his computer hacked.  I am, in principle, agnostic about the technology used to achieve this, though I believe that a new cryptocurrency will be a centrepiece.
newbie
Activity: 56
Merit: 0
February 24, 2016, 06:26:29 AM
#27
Next he runs a 10ms segment "honestly" to fill the buffer.  Then he can screw around all he likes with any part of the state not read during the loop, and compute hash after hash after hash using the same buffer until he finds one that works.  The state of the crypto at the start of the segment is just another part of the program state read during the loop.  As long as he doesn't touch it, then the buffer will be valid.

This is probably flogging a dead horse, but it just occurred to me that if the program state is stored in a Merkle tree, we could use StateMerkleRoot as an encryption key, which would not only change every instruction, but would force the attacker to reencrypt the entire buffer every time he tweaks the state.
legendary
Activity: 1260
Merit: 1168
February 24, 2016, 06:10:21 AM
#26
This message was too old and has been purged
hero member
Activity: 690
Merit: 505
Cryptorials.io
February 24, 2016, 05:56:31 AM
#25
At this point it is my opinion that user supplied PoW is dead in the water and we need to find another way to secure the blockchain.

The entire point in this coin is user supplied PoW. You're saying that at this point you want to randomly make up a new coin to create?
newbie
Activity: 56
Merit: 0
February 24, 2016, 05:41:31 AM
#24

Quote
I claim that the buffer will be written at a more or less constant rate.  In general, statements which change more variables will also take proportionately longer to execute.  If necessary we could add padding for statements that take much longer than average to execute.

I like the idea of padding.

I don't.  Its only purpose is to make the subsequent SHA-256 operation a more constant proportion of the total running time.  It also makes it more expensive.  This whole idea of adding overhead to make the system more secure might have some merit if it worked, and if our goal was only to build a slightly better bitcoin by harvesting as useful work a few percent of its PoW effort.  But it doesn't work, and I'd prefer to have the overhead rather than the useful work at the few percent level.

Quote
We would have to "empirically" determine which operations require padding and which not.

Yes, and average it over very different hardware.  What if an attacker were to run his FAA on an ASIC crafted for the purpose?  A faster-algorithm-in-the-hardware attack. In fact, this is exactly what has happened to bitcoin over the past few years.  For us, it is a nightmare.

Quote
Quote
Next note that SHA-256 is a serial algorithm.  We don't even need to allocate storage for the buffer; we just pipe it straight in.  Finally, note that it is a linear-time algorithm.  Any new algorithm computing the same function can be at best a constant times faster, otherwise finding collisions becomes trivial.  This is the basis for my claim that even the most powerful faster algorithm imaginable - an oracle that fills the buffer instantly - can achieve at best a linear speed-up.

Agreed.

It's a convincing argument.  It's not sound, though.  It took me a while to realise that.

What I have informally proven here, is that in a random oracle model in which the oracle is time-linear in the size of the input, the best an attacker can achieve is a linear speed-up.

Unfortunately it turns out that supra-linear speed-ups of SHA-256 and indeed all sequential hash algorithms are possible in some circumstances.  Let s be a security parameter.  Let S be a fixed string of length s.  Let c be a constant.  Let Ci be an arbitrary sequence of strings of length c.  Let S.Ci denote the concatenation of S and Ci and let Ci.S be construed accordingly. Then in the time-linear random-oracle model, the time to compute both sequences Oracle(S.Ci) and Oracle(Ci.S) are, trivially, both O(s).  However SHA-256(S.Ci) is trivially O(1).  All you do is reuse the saved state of the SHA-256 algorithm for the constant part of the string.  I think SHA-256(Ci.S) is likely to be O(s), but I can't prove it.  Can you?

And this is serious, because our PoW protocol is precisely to compute sequences of SHA-256 where the input string has parts which can be manipulated by an adversary, and other parts which are constant.

This should be an object lesson in why people should be very, very, skeptical about claims of security proofs.  

Quote
Would it help to use the previous block to "seed" the buffer? It would add extra security in the sense that an attacker has only the time between two blocks to handcraft a PoW function which fits his "needs".

This is encryption, and if we're talking about 10ms segments, it helps not one iota, though it does add some overhead he can't avoid.  He doesn't have a limited time to handcraft his function.  He doesn't have to handcraft anything; he can use any innocent program such as might have been written by some other honest buyer.  All he has to do is find a reasonably tight loop which the program stays in for longer than 10ms, and runs the program "honestly" to reach that point.

Next he runs a 10ms segment "honestly" to fill the buffer.  Then he can screw around all he likes with any part of the state not read during the loop, and compute hash after hash after hash using the same buffer until he finds one that works.  The state of the crypto at the start of the segment is just another part of the program state read during the loop.  As long as he doesn't touch it, then the buffer will be valid.

The attacker has his oracle.  The buffer is filled up instantly because it is the same buffer he used before.

In fact the attacker can do even better than this.  He doesn't need to run the program "honestly" to reach his start point.  He can just initialise the read variables, including the crypto state, with plausible values.  If he keeps a copy of the unencrypted buffer, he could even screw around with the crypto state, reencrypting the buffer as necessary.  Think of the unread state, excluding the crypto state as analogous to bitcoin's "Nonce" then the crypto state could be "ExtraNonce", there to be used if the "Nonce" is too small, with just a little extra overhead.

So we see that the FAA is like a virus that exploits the very immune system which is intended to fight it.

Of course if it's the entire program, not just a 10ms segment, that is the PoW function, then yes, I agree that it would be difficult for an attacker to craft his program, especially if the crypto is seeded by the previous block, but then we're back to limiting the program time, which I don't want to do.  Additionally "difficult"/="impossible".

At this point it is my opinion that user supplied PoW is dead in the water and we need to find another way to secure the blockchain.
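
Added example, not part of any post in this thread: the saved-state reuse described in post #24 for SHA-256(S.Ci), written with Python's hashlib, plus a count of compression-function calls with and without the reuse. The function names, the 4096-byte S and the 8-byte Ci values are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 64  # SHA-256 compression-function block size in bytes

def hash_naive(prefix, suffixes):
    """SHA-256(S.Ci) recomputed from scratch for every Ci."""
    return [hashlib.sha256(prefix + c).digest() for c in suffixes]

def hash_with_saved_state(prefix, suffixes):
    """Absorb the constant S once, then clone that state for each Ci."""
    base = hashlib.sha256(prefix)
    digests = []
    for c in suffixes:
        h = base.copy()   # duplicates the internal state reached after S
        h.update(c)
        digests.append(h.digest())
    return digests

def blocks(length):
    """Compression calls for one message: data + 0x80 byte + 8-byte length."""
    return (length + 9 + BLOCK - 1) // BLOCK

def compression_calls(s, c, n, constant_first, reuse_state):
    """Total compression calls for n messages built from S (s bytes) and Ci (c bytes)."""
    per_message = blocks(s + c)
    if not (constant_first and reuse_state):
        # Ci.S (the first block already contains Ci) or no reuse:
        # this trick saves nothing and every message pays in full.
        return n * per_message
    absorbed_once = s // BLOCK   # full blocks of S, processed a single time
    return absorbed_once + n * (per_message - absorbed_once)

# Constructed sample input: 4096-byte constant part, fifty 8-byte varying parts.
S = bytes(range(256)) * 16
CS = [i.to_bytes(8, "big") for i in range(50)]

if __name__ == "__main__":
    assert hash_naive(S, CS) == hash_with_saved_state(S, CS)
    n, s, c = len(CS), len(S), len(CS[0])
    print("S.Ci, no reuse   :", compression_calls(s, c, n, True, False))
    print("S.Ci, saved state:", compression_calls(s, c, n, True, True))
    print("Ci.S             :", compression_calls(s, c, n, False, True))
```

The per-hash cost with the saved state depends only on c, which is why a PoW input should not let a party keep a long constant part in front of the part it varies.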
legendary
Activity: 1260
Merit: 1168
February 24, 2016, 05:39:53 AM
#23
This message was too old and has been purged
hero member
Activity: 690
Merit: 505
Cryptorials.io
February 24, 2016, 04:42:46 AM
#22
Quote
I would suggest that we allow for changes in the money supply

Changes in the money supply are in almost all cases the beginning of the end.
Increasing the money supply disadvantages everyone that holds coins at that time.

Yes you are right.

The baseline of performing PoW for other coins should be enough to give work with reasonable rewards for miners anyway.

I was just trying to look at Tau chain and I can't even find any explanation of how they secure consensus or whether their 'proof of code execution' is involved, and I'm not capable of finding out from reading the code. I wonder if perhaps they have been so busy discussing logical ontologies that they have allowed the security of the Agoras coin to take a back seat.
member
Activity: 86
Merit: 10
February 24, 2016, 04:34:29 AM
#21
source code available after launch?

Of course, everything will be open source! Even the software that manages the crowdsale and the code for the website is open source.
Please check the website or the first post in this thread for the links to all GitHub repositories.

thanks for the answer and good luck
legendary
Activity: 1330
Merit: 1000
February 24, 2016, 04:30:14 AM
#20
Even if I am highly in debt right now, I am sure that this debt is just a drop in the ocean compared to what we as a community can achieve here.

I have an appointment now, I will resume the discussion about the algorithmic details from the other thread as soon as I am back.

sorry. you said you have hundreds of btc. now you are in debt.

I did not express myself well, sorry.
I just meant that I have spent a lot on this project already.

understood. 
legendary
Activity: 1260
Merit: 1168
February 24, 2016, 04:22:49 AM
#19
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
February 24, 2016, 04:11:53 AM
#18
This message was too old and has been purged
hero member
Activity: 690
Merit: 505
Cryptorials.io
February 24, 2016, 04:11:00 AM
#17
Have you guys looked into Tau chain https://bitcointalksearch.org/topic/tau-chain-and-agoras-official-thread-generalized-p2p-network-950309 ?

There are some similarities to ELC such as 'proof of code execution' although I'm not sure if that is used to secure the chain or just get payment. I tried to follow Tau chain / Agoras a while back but a lot of the AI-type stuff just seemed overly optimistic to me.
legendary
Activity: 1260
Merit: 1168
February 24, 2016, 03:43:55 AM
#16
This message was too old and has been purged
hero member
Activity: 690
Merit: 505
Cryptorials.io
February 24, 2016, 03:12:47 AM
#15

Other than that, everything should be up for discussion, including the terms of the crowdfunding.  For example, I would like to suggest changing this:

Note, the coins that are given away in this crowdfunding will be the only coins in existence even if significantly less than 5 million coins are given away.

I would suggest that we allow for changes in the money supply, upon a 51% vote of the coin-holders.  For example, they might vote to pay workers more than 100% of the buyers' fees.  Why might they vote to dilute their own holdings?  Because they might hope to attract more miners and thereby expand the economy.  Of course there would have to be limits to ensure that minority coin-holders are not unduly disadvantaged.  Whether or not you like this idea, I think it should be open for discussion.


As long as the coin launches with the 5 million supply then I don't see what could be wrong with a majority vote changing absolutely anything.

But I very much disagree that this should be changed to attract more miners. Unless there is a lot more overhead for a miner performing the work compared to getting it done elsewhere the big advantage here is that the miner is already being paid twice - once with the fee for the work and once with the transactions fees in the blocks they mine. This will surely make mining more attractive than other coins?

Of course that depends both on how much efficiency needs to be sacrificed for security and therefore how much of the cost of mining is met by the market rate for the work done, and what the balance between the number of transactions and amount of submitted work being performed looks like, so I may well change my mind later, but as things stand I would argue against making a change to this.


Edit: In actual fact I think I was being stupid there, because it will obviously be likely to have very little submitted work and very few transactions in the early days, so perhaps some coin generation may be necessary. But I think it should reduce to zero relatively quickly compared to other coins.
newbie
Activity: 56
Merit: 0
February 24, 2016, 12:46:16 AM
#14
I don't know man. I think you need to chill with all the fancy lingo.

The announcement is incoherent.  This is not entirely EK's fault.  I don't know how long EK has had control of the project, but it cannot have been more than about a day before he posted this.  It was a shambles when he inherited it; it is not surprising that it still is.

In my opinion EK should make one, and only one rock-solid unbreakable commitment at this point.  And that is that anybody who has contributed BTC so far can have their money back right now, no questions asked, and that this offer will remain in place until we can come up with a clear, coherent statement of what it is we are proposing to do.

Other than that, everything should be up for discussion, including the terms of the crowdfunding.  For example, I would like to suggest changing this:

Note, the coins that are given away in this crowdfunding will be the only coins in existence even if significantly less than 5 million coins are given away.

I would suggest that we allow for changes in the money supply, upon a 51% vote of the coin-holders.  For example, they might vote to pay workers more than 100% of the buyers' fees.  Why might they vote to dilute their own holdings?  Because they might hope to attract more miners and thereby expand the economy.  Of course there would have to be limits to ensure that minority coin-holders are not unduly disadvantaged.  Whether or not you like this idea, I think it should be open for discussion.

If I have anything at all to bring to this project, it is out-of-the-box thinking.  But what good am I to you, if the box has been locked and the keys thrown away before I ever arrived on the scene?
legendary
Activity: 1330
Merit: 1000
February 24, 2016, 12:34:49 AM
#13
Even if I am highly in debt right now, I am sure that this debt is just a drop in the ocean compared to what we as a community can achieve here.

I have an appointment now, I will resume the discussion about the algorithmic details from the other thread as soon as I am back.

sorry. you said you have hundreds of btc. now you are in debt.

legendary
Activity: 1260
Merit: 1168
February 23, 2016, 07:23:55 PM
#12
This message was too old and has been purged