Topic: [white paper] Purely P2P Crypto-Currency With Finite Mini-Blockchain (Read 24190 times)

Well, I can only fully agree with you, because that's exactly what I was saying. It is possible, but we don't have to worry about it for reasons you stated.

Side note: bitcoin is slightly more resilient because you can't rewrite history from before of chain spilt, but it doesn't matter anyway.

Transaction history is retained for some reasonable window of time, e.g. a month.

To present to the network a blockchain which differs from the one others have, the only possible way is the differences must originate from before the retained transaction history (or the differences must include only transactions the attacker can sign which is same vulnerability in Bitcoin), because the attacker can't sign transactions for which he doesn't hold the private key.

Your only valid point is that if someone has significantly more than the network hashrate, they can compute a fake Proof Chain going back to before the retention window of transaction data, then they could claim any Account Tree they wish to.

Then you claim that nodes who have not always been online since the time of the deviation of the Proof Chain would not know which blockchain to trust (they would naturally trust the one with more hashrate).

But Bitcoin has a similar vulnernability, in that nodes would not know which transaction history to trust, i.e. the coinbase coins rewards that were for the miner could be awarded to the attacker. Fact is that there are records on the internet kept and so no one wold dare try this, because it would be front page news.

Thus your argument is silly. Copies of the valid Proof Chain will be stored all over the internet. Anyone trying to go back months and change the Proof Chain is going to be thwarted by the power of human communication.

Orphaned chains resolve on the order of hours, i.e. one chain doesn't hide from the world for months, then suddenly appear and expect to not be outed by human communication. Impossible.

For both mini-block chain coins and Bitcoin, the attacker would create a fork which no one would follow except for followers that were deviously (or fooled by some very powerful entity that could paint the media story) intent on following the attacker's theft.

And you are not grasping the point that you don't need to create different account tree with same hash as real one to cheat the system. Hash tree changes from one block to other and that's when you cheat. In next block (of your alternate proofchain) you just provide hash of tree which was not result of applying valid transactions to previous state but just made out of thin air. Without transactions you cant prove it's invalid.

You are still not grasping the mathematical point I made. There is no mathematical way to create an Account Tree in each block that is different from the only one that will hash to the hash value in the Proof Chain.

The Proof Chain guarantees that the Account Tree chain is not an imposter, even if the history of the Account Tree is discarded.

Transactions included in block describe operations which you have to do on current account tree to get updated version of this tree.
In block N Account Tree was in state X. We apply transactions and get state Y. Hashes of account tree in both states are included in adjacent blocks. Question is: what information do we need to verify if set of transactions which caused transition from state X to state Y obeyed network rules? Hashes in Proof Chain are not enough, they are just random strings for outside observer. Full Account Trees in both states are potentially not enough too (maybe txns in block N really sent all existing coins to single address ?). We need transactions. (BTW: header of transactions tree also need to be in proofchain).

In real world - yes. Just imagine what would happen if suddenly someone would emerge with longer bitcoin blockchain invalidating months of current blockchain. We would get a patch in no time with hardcoded checkpoint just after branching. Same thing will happen with any future sufficiently important cryptocurrency, so why keep pretending wee need system to resolve such conflicts in software?

I believe you are mistaken.

The Account Tree is a hierarchy of hashes and the single hash at the top of the tree is stored in the Proof chain. Thus in order to create an alternative history for the Account Tree, the adversary would need to construct an Account Tree history (at each block interval) which matches the Proof chain hashes (for each block) because the history of the Proof chain is never discarded. This can not be mathematically accomplished in log O(log N) time (i.e. not in exponential time) if the hashing algorithm approximates a Random Oracle or actually less restrictively for as long as it can't be preimaged, i.e. if a cryptographically secure hash is employed.


All that consensus discussion upthread has been rendered irrelevant by my assertion above. TADA!

Read first few pages - it sounds awesome! If you will need any help from web developer in future you can count on me

Wow, I didn't think anyone is still discussing this idea but still no one actually tried to implement it

As for the problem, I think you are mistaken. Attacker does not need to match hash in original proof chain. Proof chain contain only hashes, and without accompanying transaction data there is no way to tell if transformation of account tree from state which hashes to A to state with B hash is valid.
When attacker start his own branch he can create new tree and just tell that this hash resulted from set of legal transactions. After full cycle these transactions are lost and no one can prove he lied.

I still don't think it is a problem because we only have problem reaching consensus in short term. No one will have any problem with determining if blockchain which tries to overwrite few months of history is legitimate or not.

On further thought, aaaxn's proposed attack is impossible if the cryptographic hash used to construct the Account Tree and Proof Chain can't be preimaged.

Because there is no way the attacker can find a suitable set of replacement addresses and balances to match the hash in the Proof Chain.

Thus all the discussion that followed aaaxn's post above regarding centralization and the need to remember transaction data history is irrelevant.

I will play a coloredcoin based this interesting mini-blockchain project.

I really like this Mini-Blockchain concept. The potential is limitless. I was thinking about the concept and want to share some of the ideas I came up with.

If instead of defining the accounts by single public key, we allow multiple public keys and a number that represents the number of signatures required we can create a whole set of account types without any scripts.
Let's say first we store a byte, first 4 bits of which represent the number of keys in the account and the next 4 bits represent the number of signatures required, then the following table will show what kinds of accounts that could potentially define:

Keys	Signatures	Account Type
1	1	Regular
2+	1	Joined
2+	Keys	Mutual Agreement
3	2	Escrow

There are more values that I can define which could just be used as constants to represent additional account types like trust fund and the like.

So for escrow, you could just send the money to the 2of3 address and when the other party fulfill or not fulfill the terms, that you can specify in the memo, they or you can create a transaction, sing it and send it to the other party or the escrow for the other required signature. In most cases, the escrow wouldn't even have to get involved.

Now, how nice would it be to have a trust account without relying on a trustee.

I also thought to share the addresses not as set of public keys, but as hash of the set. It would save a lot of space and simplify the database structure, but that might potentially compromise the security in case of hash collision because optional public keys could make a lot of room for nonce data. Unless the address itself is signed by each of the keys used which would validate each key. And considering that key generation is slow, especially combined with hashing the security will be intact.

The other idea is:
Instead of using a separate data structure to save all the balances of all the accounts and synchronize every version of it with the network.
Miners could just list all the affected account/balance pairs from the current block and all the account/balance pairs that weren't mentioned since the discarded block in the current block.

I came up with it as I still can't wrap my head around how would miners be able to get all the historical versions of the account tree to validate it's accuracy in every point in time.

AnonyMint
I recently discovered your posts.
I find them very interesting and informative.
Thank you.

You once wrote that if government pays for everything, family doesnt matter much.
The collapse of former Soviet union seems to prove the contrary.
Are you familliar with Dmitry Orlov's book?
Orlov holds that the Soviet Union hit a “soft crash” because centralized planning, housing, agriculture, and transportation left an infrastructure private citizens could co-opt so that no one had to pay rent or go homeless and people showed up for work, even when they were not paid. He writes that Orlov believes the U.S. will have a hard crash, more like Germany’s Weimar Republic of the 1920s.
http://fora.tv/2009/02/13/Dmitry_Orlov_Social_Collapse_Best_Practices
(at 33 min)
Regards

The Problem with Altcoins.

Hope bitfreak! is still here lol

Monetary Darwinism. Listen to Daniel Krawisz at around the 34 min point:

http://letstalkbitcoin.com/e53-monetary-darwinism/#.UnmHJ3CBmfY

Im reading it now , why has it not been put forward to a test ?

Seems the only things left to do relate to  testing weaknesses.

Devs should be lining up. ?

Read in context at following link:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3551

============================


Prof. Pettis, are you refuting Paul Krugman's recent article where he wrote as quoted below?


Krugman displays a debt-to-GDP chart which is extremely misleading because total debt ratio for the UK is over 500%! Additionally we know most of the western government unfunded liabilities are hiding off balance sheet.

Or here where Krugman misleadingly argues that Spain's 25% unemployment is due to not enough debt spending, when others of us believe the unemployment is structural for as long as socialism (and the requisite shared Euro currency) has stymied Spanish competitiveness.

The socialist Krugman appears to argue every problem can be smoothed (on the way to resolution) with Keynesian debt spending.

Krugman even thinks the drop in world trade growth has something to do with container ships and tariffs, and I guess he failed to realize there is trade in services and that lower international trade means lower economic growth (except short-term where the debt is rushing into unsaturated debt markets of the newly emerging countries, such as the Philippines which is growing faster than any other country in the world, if discounting China's GDP growth as a fabrication).

P.S. Hope you saw Krugman's blog post on the Chinese and Middle Easterners parking their (crony ill-gotten) cash in London flats. The G20 socialism cooperation will be going after all this wealth, some of it justifiably so, but unfortunately I postulate the honest upper middle-class small businessmen will get razed too, which will worsen the postulated future implosion.

Read in context at following link:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3549

============================

Guys thank you for both pointing out quite eloquently that the world has turned socialist, thus the "far-left" is now the "center-right". For me as a minanarchist (subset of Libertarian), any redistribution plan is "left" relative to a historical baseline. If the entire population is left, then I have to wait for them to kill themselves as leftists always do, so then the true "center-right" is restored after that.

They always kill themselves because they don't understand the basic premise of economics, which is that small things grow faster, thus any form of central planning is waste and bankruptcy, but not until after the socialists do everything they can do to disallow bankruptcy including gestapos, rationing, etc. I want to refer you to some specific comments I already made on this page, which go into more detailed explanation:

1800s vs. 1900s vs. 2000s coming

failure of centralized investment

why smaller things grow faster

illogic of collective central planning

The reason insurance is always failure is because it pools investments and the investments are thus centrally planned.

Sorry to you socialists but I remain a minanarchist because history has always repeated. The socialists get blinded by a recent 50 - 80 years, so then they drive over the cliff as they always do. How many genocides, dark ages, and massive economic implosions from history do you need me to cite and relate to the socialism that caused them. Of course the socialists will invent other causation theories. C'est la vie!

Since I am the only minanarchist here and since I think Dr. Pettis wants to hear from all sides, I hope you all understand why I have so many comments on this page, because I am the only person speaking from the other side on this page. Yes we are far outnumbered by the socialists, and that is why we need an anonymous weapon to survive the outcome of socialism, such as Bitcoin as I have suggested as a possibility (not certain).

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3544



==============================

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3546

Agreed , I'll agree to disagree at this point .

I agree the blockchain issue needs focus..