Pages:
Author

Topic: WTF happened to ripple? - page 2. (Read 21828 times)

jr. member
Activity: 47
Merit: 1
February 24, 2013, 09:53:32 AM
#50

Now, I indeed remember the original ripple web-of-trust proposal being as gmaxwell described. The "new" system seems to be something else, and I echo people's concerns expressed in this thread and do not see how they have been resolved to any satisfaction. It may be unintentional on the part of the ripple developers, but something seems fishy or opaque about it (at least at this point in time), and it looks like a commercial rather than a community project.


+1. Excellent summary of the situation.

I find it near impossible to discuss this matter transparently with Joel.

Joel Katz: "I am prohibited from disclosing my opinion about XRP's future value."
(https://bitcointalksearch.org/topic/m.1554983)

This is not a joke, and while some people love to suck up to power authority, most bitcoiners in this forum are smart enough to recognize a rotten egg.

Joel, I recommend to you whole wholeheartedly to either expose your commercial intentions, or commit to altering and democratizing the txn solution at hand; otherwise you will be building a ticking time bomb. You won't end up controlling 50%+ market share but you know what they say: "Power tends to corrupt, and absolute power corrupts absolutely." Don't set yourself up for failure.

From a true open source and decentralized democratized point of view, the idea of centralized txn authority is ridiculous. If this is the "only viable solution" you should either be opening up the platform to multiple fiat currencies so that users can create their own and there is a competitive free market amongst txn fee operators, or define a rock solid democratic distribution plan of all the XRP.

Yet as I find the idea of an unsustainable self destructive txn fee currency a horrible idea akin to building on sand, the focus should be on disconnecting any value system from this txn fee mechanism, and focusing on proof of work as a security measure; or allow the network node operators to have a choice of what currency they prefer be paid as a txn mechanism.

I realize this is a technical challenge but my intention is to open the debate and make sure you are open to change, otherwise I and others will fork our efforts towards bitcoin web of trust enhancement and your "ripple + get rich quick scheme" will bite the dust.

You are clearly smart enough to know that we would realize this "necessary design flaw" as an overly greedy excuse on your part for power and control; therefore your downplaying of the issue leads me to believe your actions are highly strategic and premeditated. If you truly want to succeed with your efforts and with this community your veil of secrecy and prohibited dialog needs to end.

Joel, please do not take my comments as hostile or personal. I really want ripple to succeed, and I'm simply pointing out the elephant in the room.
newbie
Activity: 46
Merit: 0
February 24, 2013, 07:39:29 AM
#49
Credit where credit is due! The following scheme was described by Ben Laurie years ago:

The "central authority" consists of a set of distributed (and preferably independent) servers which keep track of the ledger of balances (a Merkle hash tree) using a Byzantine-fault-tolerant consensus protocol. They enforce constraints on the system (e.g., coin creation and distribution---no need to do it manually or premine) and blacklist dishonest or malfunctioning servers.

All the honest servers will agree to the same transaction log (of course a severe netsplit will stop transactions from committing). The clients need to come preconfigured with a list of servers (which can be updated by the network). So, unless something goes very, very wrong, there is no need for the user to worry about deciding whom servers to trust.

There are clearly some details to fill in to specify a complete implementation, scalability issues, etc., but Laurie's distributed currency uses established ingredients that are mathematically proved to work and gives you transaction confirmation in seconds (no need to "mine"). It could also be used for Bitcoin and other currency transfer/exchange (there seems to be a need for this anyway) as well as more advanced uses.

Now, I indeed remember the original ripple web-of-trust proposal being as gmaxwell described. The "new" system seems to be something else, and I echo people's concerns expressed in this thread and do not see how they have been resolved to any satisfaction. It may be unintentional on the part of the ripple developers, but something seems fishy or opaque about it (at least at this point in time), and it looks like a commercial rather than a community project.
legendary
Activity: 2940
Merit: 1090
February 24, 2013, 03:12:06 AM
#48
Oh well, next time maybe create a hundred trillion whatzits and give people fifty million each when doing giveaways, maybe instant internet multimillionaires wouldn't be as ungrateful as people who receive handouts of only a puny fifty grand! Wink

Cheesy

-MarkM-
full member
Activity: 209
Merit: 100
February 24, 2013, 02:59:42 AM
#47
Good one.  I will interpret Joel's _lack_ of disagreement with the previous remark as an implicit agreement :-)
legendary
Activity: 1064
Merit: 1001
February 24, 2013, 01:54:55 AM
#46
Those things that I cannot comment honestly on for any reason, I simply do not discuss.

Actually, this says a lot.

I am prohibited from discussing that.

I'll do it for you. You're insanely annoyed at the onslaught of newbs who just don't seem to understand that XRPs are not like Bitcoin. And you're frustrated because you can't respond to set them straight, because doing so might make the necessary and difficult bootstrapping process even harder.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
February 24, 2013, 01:52:01 AM
#45
So, can we get a straight answer?

JoelKatz can I have your personal opinions on the speculation going on with XRP right now (see my example quotes)?
Unfortunately, no. I am prohibited from discussing that. Those things that I cannot comment honestly on for any reason, I simply do not discuss. There's nothing I enjoy more than sharing my honest opinions with others, but in this area, I cannot do so.
legendary
Activity: 1064
Merit: 1001
February 24, 2013, 01:23:27 AM
#44
Can we please get a straight answer?

So, can we get a straight answer?

JoelKatz can I have your personal opinions on the speculation going on with XRP right now (see my example quotes)?
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
February 23, 2013, 11:35:17 PM
#43
As XRP is more suitable for payments than IOUs, it seems that IOUs would become only a secondary feature, and so it seems unfair to call this system Ripple.
I fully understand that this kind of reasoning has a kind of attractive logic to it, but I think that's an extremely unlikely scenario. I could have made a similar argument in 1950 that people would soon abandon fiat currencies and switch to gold certificates. I can make a similar argument that Bitcoin will make fiat currencies obsolete. Sure, that might be the endgame in the far future, but to focus on that endgame *now*, rather than the many decades of work we have to get there, is navel contemplation.
newbie
Activity: 58
Merit: 0
February 23, 2013, 11:01:21 PM
#42
I have got a similar opinion like OP.

Ripple.com is a mix of Bitcoin-like currency XRP and ripple IOUs. As XRP is more suitable for payments than IOUs, it seems that IOUs would become only a secondary feature, and so it seems unfair to call this system Ripple. The difference from Bitcoin would be no mining, but starting a new server would be more troublesome because the peer has to find some (many?) peers that he would trust not to cheat him, ideally some peers he knows.

How about True Ripple? I can think of a system with just IOUs without XRP. It would also be truly P2P. There wouldn't be the global ledger but just peers transacting with (few) peers they know. All value transfer would be performed using chains of IOU transfers between peers, obviously. To prevent spamming there would be fees for all activities using up resources, like routing a search through a node, or routing a payment through a node. If a node sets fees too high then the traffic would route through someone else eventually. The actual interaction between nodes would need to be somewhat cautious, so the money don't disappear on a half-way, but it seems doable.
legendary
Activity: 1205
Merit: 1010
February 23, 2013, 09:48:22 PM
#41

From what you've been telling me, this is not the case. But then we have Jed coming on and saying that yes Ripple does function as a unit of currency like Bitcoin. Which one is it? If the people involved with the project cannot even present a consistent description how can we have confidence in the system?


Of course it would be currency and with fixed/dwindling supply (after distribution process completes), it would be as good a store of value as bitcoin.  Obviously Joel is just doing the necessary PR to appease the 'premine' outrage.   Grin

If I had such a good PR/image skills I would have my own startup soon  Tongue
legendary
Activity: 1064
Merit: 1001
February 23, 2013, 09:06:57 PM
#40
Furthermore, it is _highly_ relevant and reassuring to hear that Ripple is committed to getting rid of a current central point of failure.

To paraphrase someone else's post in the forum, one of the intrinsic characteristics of Bitcoin is that every node needs to hear about every transaction. For example, every purchase of a child's popsicle or every microbet on a digital lottery. That's just the way the system works. Another characteristic is that individual nodes do not need to have trust in any other nodes for the system to work.

Ripple solves different problems than Bitcoin, and it seems to me that in exchange for getting decentralized scalability to infinity and multiple currencies, the price is that you have to trust at least one node (among other things). It seems reasonable to also accept that another unique property of Ripple is that, unlike Bitcoin, it must be bootstrapped in a centralized way. There needs to be that initial node of trust (unlike Bitcoin).

It is probably too early to worry about Ripple's current lack of decentralization. Bigger problems are:

1) Confusion over the role of XRPs
2) Lack of mathematical proofs of the security and performance of the system
3) Missing source code

We can't even determine if Ripple can be decentralized until we have answers to the three points above.
legendary
Activity: 1064
Merit: 1001
February 23, 2013, 08:55:44 PM
#39
Ripple is a Bitcoin-like payment system for any currency. "Ripple isn't a good currency" is a great rebuttal to an argument nobody's making.

I've been willing to set aside the lack of clear technical documentation and trust that the developers have rigorous mathematical proofs for their claims.

But as I have stated over and over again, it seems people are drawing the conclusion that the "Ripple" currency unit (XRP) functions in the same role as the Bitcoin (BTC). Specifically, that it is a store of value. I've been on the Ripple forum and pointed this out to you JoelKatz. People are coming on there saying they "want to buy a lot of Ripples" and I can only conclude that it is because they think that the Ripple will rise in value like the Bitcoin.

From what you've been telling me, this is not the case. But then we have Jed coming on and saying that yes Ripple does function as a unit of currency like Bitcoin. Which one is it? If the people involved with the project cannot even present a consistent description how can we have confidence in the system?

Either Ripples are just a marginally valued, artificially scarce resource designed to make transaction spam prohibitively expensive (in which case, it is being marketed totally the wrong way) or it functions like the Bitcoin as a store of value (in which, the premine rules Ripple out as any sort of legitimate system no matter how much is being given away).

Look at what people on the Ripple forum are saying:

This guy thinks that having XRPs means he has achieved wealth (like having a bunch of Bitcoins)
...greed of the founders drove the ideas down into irrelevancy.

Conflating XRPs with BTCs:
Bitcoin uses the coinbase stuff to hand out the initial distribution.  Ripple XRP is handed out by a single corporation.  A single corporation in control of 80% of the currency is a textbook definition of central authority.

Thinks Ripple is a "coin"
Ripple may be the coin for you...

And it goes on and on.

So what's up? Are XRPs coins, a store of value, like Bitcoin? Or what? Can we please get a straight answer?
legendary
Activity: 1205
Merit: 1010
February 23, 2013, 07:59:37 PM
#38
There is a reasonable fix for this though, just set a reorg limit say 100 blocks, and prompt for manual intervention from the user. Given a prolonged network partition situation, there would be either a central or democratic procedure to determine the winning branch, via a checkpoint. This assumes that network partition does not happen too often for longer than a day in practice.
Actually this might be the approach ppcoin eventually adopts.
that means that anyone who can create 100 blocks can shut the network down 'forever'— if that'll never happen, why secure against it?  If you have some consensus method that can easily resolve the shutdown why not use that for your consensus system instead of a PoX hashchain?  ::meh::  It might actually be a prudent sort of thing to do, but I'm skeptical.


It doesn't shut it down. It just refuses the reorg and log the event and tell user about it, and the network is still chugging along. User should be notified so if there was a legitimate network partition event going on, people can notice and start discussion about it.

Of course the concensus mechanism to deal with these partition event would be quite a bit centralized and costly, that's why there needs to be assumption that it rarely happens.
legendary
Activity: 1484
Merit: 1005
February 23, 2013, 07:55:59 PM
#37
I largely agree. It comes down to the practical question of which scheme will be more robust in the face of a motivated attacker. I don't think any of us really know that yet.
I can agree with that.

I'm still not sure that I've internalized the implications of your model in ripple, though I now think my initial understanding of the basic technicalities of were at least not totally incorrect.

I find it interesting that it's easy to describe topologies where you are insecure even though _all_ of your peers are honest and most of the network is honest:

Code:
                       /---- Honest0
                       /---  Attacker
         /------moron1 ----- Attacker
         /   /    |    \---- Attacker
         /   |    |    /---- Attacker
      you----|--moron2------ Attacker
         \   |    |    \---- Honest1
         \   \    |    /---- Honest2
         \------notmoron --- Honest3
 
In this graph there are 7 honest validators (honest*,moron*, and notmoron), and 5 attacker controlled identities. All of your direct peers are honest.  And yet you're exploited— Every validator you trustlist sees an attacker controlled majority even though only 41% of the total validators are dishonest.

So the Bitcoin security assumption (most hash power is honest) is not strong enough to make ripple secure if translated to comparable terms ('most trusted nodes in the system are honest').

How do your cryptographic signatures that show if someone misbehaved distinguish between them misbehaving vs trusting someone who misbehaved?  Couldn't I protect my reputation by attacking by simply arranging to trust dishonest sockpuppet nodes?  If I can't then isn't there considerable pressure to only trust the same nodes everyone else trusts?


This is the major problem with ripple.  Someone with a botnet can form thousands or tens of thousands of validated nodes and operate them as normal for months on end, then suddenly command them to reject certain transactions as invalid.  It doesn't even have to be a lot of transactions, just small ones that majorly benefit the botnet operator, and this could be performed very easily with no one catching on to it for some time.  You've created a "one IP one vote" system, something that is warned against in the original bitcoin protocol specifications.  If the chain lives long enough we'll all see why.  Sybil attacks are cheap and the threat of them is real.
staff
Activity: 4242
Merit: 8672
February 23, 2013, 07:46:25 PM
#36
There is a reasonable fix for this though, just set a reorg limit say 100 blocks, and prompt for manual intervention from the user. Given a prolonged network partition situation, there would be either a central or democratic procedure to determine the winning branch, via a checkpoint. This assumes that network partition does not happen too often for longer than a day in practice.
Actually this might be the approach ppcoin eventually adopts.
that means that anyone who can create 100 blocks can shut the network down 'forever'— if that'll never happen, why secure against it?  If you have some consensus method that can easily resolve the shutdown why not use that for your consensus system instead of a PoX hashchain?  ::meh::  It might actually be a prudent sort of thing to do, but I'm skeptical.


legendary
Activity: 1205
Merit: 1010
February 23, 2013, 07:28:16 PM
#35

Think about it this way though -- if you have a 51% attack against Bitcoin, you have to make fundamental changes in Bitcoin. If you have a consensus breaking attack against Ripple, you have to remove the conspirators from your trust list.


There is a reasonable fix for this though, just set a reorg limit say 100 blocks, and prompt for manual intervention from the user. Given a prolonged network partition situation, there would be either a central or democratic procedure to determine the winning branch, via a checkpoint. This assumes that network partition does not happen too often for longer than a day in practice.

Actually this might be the approach ppcoin eventually adopts.
legendary
Activity: 1205
Merit: 1010
February 23, 2013, 07:12:47 PM
#34
If you mean a mesh of trust with link X being some validator who trusts validators in both groups, then link X fail to achieve consensus and bow out. But that's as it should be -- X is misconfigured into two distinct networks. The two distinct networks can now proceed in peace. Presumably, nobody who only trusts validators on the left want to achieve consensus with those on the right, so it shouldn't matter.
Yes, I meant trust. Real social graphs have structure like that.  How do you prevent trust structures that will guarantee convergence failure from evolving? How will you manually resolve a loss of convergence from resulting from one?  How can you distinguish one that arose naturally from one created maliciously for plausibly deniable culpability in attacks?

Or more generally— What are the trust topological requirements to prevent failure?  This is the kind of requirement that needs to put into the security assumptions statement.

Hmm Joel I don't know if I like your answer here or not, are you saying a split of trust network is fine? I agree with gmaxwell here that your probably need some ensurance that this doesn't happen (at least make it very very unlikely). Network split is very very serious issue.

Another point I didn't get from your description is that what's your assumption on server node availability? Under a peer-to-peer setting a lot of nodes on UNL may have less than ideal availability, so making a 50% rule to solidify the ledger could be problematic. Also you don't know whether they have solidified they could suddenly all change their mind.
newbie
Activity: 46
Merit: 0
February 23, 2013, 08:13:04 AM
#33
All scale-free networks are vulnerable to directed attacks: just go after the most connected nodes. In Bitcoin we have seen successful attacks on major mining pools in order to steal their potential mining profits. Anyway, sure you can detect netsplits, but your high-volume network has still ground to a halt. Similarly you must assume worst-case placement of conspiring nodes. Crossing your fingers and hoping your scheme is robust is not enough...
full member
Activity: 238
Merit: 100
February 22, 2013, 06:16:07 PM
#32
Is there a similar compact and fairly comprehensive expression of Ripple's security assumptions that could help people reason about the system?
At the highest level -- you are secure so long as the majority of your trust list doesn't conspire. If you have a bad trust list, you can be lied to about what transactions have been applied by the system.
What happens if the majority of each of _their_ (unknowable to me) trust lists conspire?

Something bad must happen, otherwise— My partner and I each run a valditator node make my client trust only those. I know they don't conspire against me. Now my client behind them is totally safe! ...  or not.
You are, of course, completely right. I should be more precise. You are secure if the majority of the nodes on your trust list are secure. This ultimately devolves into the majority of the weight in your effective weighted trust not conspiring.

In your scenario, where you have trusted only two nodes and those two nodes trust conspiring nodes, you can't become convinced a transaction happened without them having that signed transaction to present. You can't rewrite the past. However, you could be duped into thinking a transaction was applied when it wasn't. You will have signed cryptographic proof that you were deceived. (Hopefully in the future, we'll automate collecting and distributing that proof so you only get to conspire once.)

Quote
Quote
Think about it this way though -- if you have a 51% attack against Bitcoin, you have to make fundamental changes in Bitcoin. If you have a consensus breaking attack against Ripple, you have to remove the conspirators from your trust list.
See my example as to why I don't think its so simple. Shutting out a single high hashpower attacker isn't hard and lots of altcoins have done silly things to accomplish it.  But it's pointless because shutting out a single attacker is not useful if the fundamental assumption that a badguy won't have a computing majority is flawed. Likewise, removing conspiring nodes from your trust list is perhaps not all that useful if they were ever able to get there in the first place.
I largely agree. It comes down to the practical question of which scheme will be more robust in the face of a motivated attacker. I don't think any of us really know that yet.




If they conspire once and that one time someone loses 1 million xrp its a flawed system. After all attackers will be motivated to go after clients who hold large balances.

staff
Activity: 4242
Merit: 8672
February 22, 2013, 05:50:42 PM
#31
If you mean a mesh of trust with link X being some validator who trusts validators in both groups, then link X fail to achieve consensus and bow out. But that's as it should be -- X is misconfigured into two distinct networks. The two distinct networks can now proceed in peace. Presumably, nobody who only trusts validators on the left want to achieve consensus with those on the right, so it shouldn't matter.
Yes, I meant trust. Real social graphs have structure like that.  How do you prevent trust structures that will guarantee convergence failure from evolving? How will you manually resolve a loss of convergence from resulting from one?  How can you distinguish one that arose naturally from one created maliciously for plausibly deniable culpability in attacks?

Or more generally— What are the trust topological requirements to prevent failure?  This is the kind of requirement that needs to put into the security assumptions statement.
Pages:
Jump to: