BitShares Forum

Main => General Discussion => Topic started by: bytemaster on November 30, 2013, 07:57:55 am

Title: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on November 30, 2013, 07:57:55 am
Transactions as Proof-of-Stake & The End of Mining
http://the-iland.net/static/downloads/TransactionsAsProofOfStake.pdf

Quote
The concept behind Proof-of-Stake is that a block chain should be secured by those with a financial interest in the chain.  This paper will introduce a new approach to Proof-of-Stake that utilizes coin-days-destroyed by every transaction as a substitute for the vast majority of the security currently provided by Proof-of-Work.   Unlike prior Proof-of-Stake systems in which only some nodes contribute to the proof-of-stake calculation, we present a new approach to Proof-of-Stake whereby all nodes generating transactions contribute to the security of the network.  The result is that the network immune to known attacks against Bitcoin or Peercoin.

Quote
Every transaction on the network carries with it an implicit Proof-of-Stake in the network. The creator of the transaction wants the network to accept it and the receiver of the transaction is making decisions on whether or not to ship goods based upon whether or not the network has accepted the transaction.    It is clear that those behind the transaction have a stake in the health of the network.  After all, the network is worthless if transactions cannot be executed as expected.   A well functioning network will have thousands of transactions every single block.   This represents thousands of stake holders who could be contributing to the security of the network.


Quote
In order for a 51% attack to be successful in a Proof-of-Work system, the attacker must keep their alternative chain secret.   Once they have locked in the profits from their first spend, they can broadcast the longer secret block chain which will invalidate the original transaction.   Keeping solved blocks secret is also used in the selfish-mining attack which can be effective with much less than 51% of the hashing power.   

In order to prevent this kind of behavior we must make it impractical for miners to maintain secret block chains.  If every transaction that is broadcast contains the hash of  a recent block and the block chain enforces the rule that the transaction can only be included in block chains that build off of that block then no one will be able to build secret block chains that leverage the coin-days-destroyed of transactions in the public chain.
 

Please read my paper for further details, but I believe that I have a Proof-of-Stake system that requires no explicit mining and for which mining is never 'profitable'.   If the security model holds review then this could dramatically change the future of all DACs and crypto-currencies, eliminate mining pools, lucky mining, vesting, ASICs, the 51% attack, selfish-mining, merged-mining, denial of service, etc.   

Please review and give me your feedback.

 
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: luckybit on November 30, 2013, 08:53:29 am
Transactions as Proof-of-Stake & The End of Mining
http://the-iland.net/static/downloads/TransactionsAsProofOfStake.pdf

Quote
The concept behind Proof-of-Stake is that a block chain should be secured by those with a financial interest in the chain.  This paper will introduce a new approach to Proof-of-Stake that utilizes coin-days-destroyed by every transaction as a substitute for the vast majority of the security currently provided by Proof-of-Work.   Unlike prior Proof-of-Stake systems in which only some nodes contribute to the proof-of-stake calculation, we present a new approach to Proof-of-Stake whereby all nodes generating transactions contribute to the security of the network.  The result is that the network immune to known attacks against Bitcoin or Peercoin.

Quote
Every transaction on the network carries with it an implicit Proof-of-Stake in the network. The creator of the transaction wants the network to accept it and the receiver of the transaction is making decisions on whether or not to ship goods based upon whether or not the network has accepted the transaction.    It is clear that those behind the transaction have a stake in the health of the network.  After all, the network is worthless if transactions cannot be executed as expected.   A well functioning network will have thousands of transactions every single block.   This represents thousands of stake holders who could be contributing to the security of the network.


Quote
In order for a 51% attack to be successful in a Proof-of-Work system, the attacker must keep their alternative chain secret.   Once they have locked in the profits from their first spend, they can broadcast the longer secret block chain which will invalidate the original transaction.   Keeping solved blocks secret is also used in the selfish-mining attack which can be effective with much less than 51% of the hashing power.   

In order to prevent this kind of behavior we must make it impractical for miners to maintain secret block chains.  If every transaction that is broadcast contains the hash of  a recent block and the block chain enforces the rule that the transaction can only be included in block chains that build off of that block then no one will be able to build secret block chains that leverage the coin-days-destroyed of transactions in the public chain.
 

Please read my paper for further details, but I believe that I have a Proof-of-Stake system that requires no explicit mining and for which mining is never 'profitable'.   If the security model holds review then this could dramatically change the future of all DACs and crypto-currencies, eliminate mining pools, lucky mining, vesting, ASICs, the 51% attack, selfish-mining, merged-mining, denial of service, etc.   

Please review and give me your feedback.

 

Interesting concept. I think I would add that the purpose of mining isn't just to promote the security of the network in a static technical sense but also promote the health of the network in a dynamic economic sense. To elaborate, if mining is profitable then people must constantly upgrade their computers and the aim would be for these people to upgrade their computers in a decentralized manner. Millions of users buying GPUs, CPUs, RAM, or encrypted hard drives are all good for technological progress and mining indirectly encourages that.

A lot more GPUs were sold because of mining. A lot of CPUs are sold because of mining. Generally mining as an industry produces a lot of beneficial economic activity which I think we should not want to lose.

The other benefit of mining beyond coin distribution is that spare CPU cycles can actually be used in beneficial ways as well. The POW in Bitcoin is functionally useless but in future iterations or new coins there might be a POW which does protein folding, which has some useful supercomputer purposes, so I don't think we ought to give up these possibilities either.

Those are of course the benefits. The costs of POW are that there are cheaters in the system who pump and dump, who use botnets, who get what many people consider to be an unfair amount of coins early on, and they provide none of the economic benefits in the two examples I laid out. In the case of using digital ocean someone had to purchase the hardware so the economic benefit exists and in my opinion that is beneficial. It ultimately is not any different from having bought the coins with the only benefit being that it was bought before the exchange was set up. A botnet contributes hashing power but has a negative economic impact because the person running the botnet truly has no stake because they did not pay any money for the coins, or even really mine them on their own computers, so these individuals have no stake at all in the success of the network.

What are the benefits and costs of transactions as Proof of Stake? What are the benefits and costs of the end of mining? We need a side by side comparison between the current state of things and the new way of doing things so that we can do a side by side analysis of the benefits and costs of each proposal.

For me I want a network where those who secure the network are rewarded, and can make profit in doing so but also have the incentive be set up that they'll take a portion of their profit to upgrade the network as well. Part of the issue I keep hearing with Bitcoin is that the Max_Block_Size is an issue and now we are reaching the limits of the 7 transactions per second. Why can't they raise the Block Size? They claim it's because the majority of people don't have computers fast enough to handle it.

The only solution in my opinion is for mining to be profitable enough for everyone to be able to upgrade their computers to add new functionality to the network as needed. Will the transactions as Proof of Stake be robust enough to scale? Bitcoin currently isn't scaling in my opinion primarily because the profits from mining are too centralized and only people with ASICs (perhaps farms of ASICs) at this point can mine professionally.

Transactions as proof of stake should be tested out. Perhaps it is a good idea to try it on a hybrid chain at first and see. Then if it can work on a hybrid then try it out on it's own chain. At this moment in time it's untested and I'd like to see what it can do in a test setting.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on November 30, 2013, 09:07:28 am
With the advent of DACs and decentralization through parallel and independent chains proof-of-work does not scale as there are too many potential chains.  The CPU power created to mine one strong chain can kill a baby chain.  The result is merged mining, but this only works for compatible mining algorithms and has other overhead.   

Benefits:
1) Eliminate the need for Merged Mining to Scale in Parallel
2) Eliminate the need for Centralized Mining Pools
3) Eliminate inflation in coins... from the perspective of a DAC this means decreased costs and increased profits.  End result: increased share-holder value.
4) Eliminate 51% attack and Selfish Mining Attack

Benefits of Mining:
1) Socially beneficial proof of work (Primecoin?).... there could still be a DAC for this and there is no need for this to be part of every coin.
2) Viral Marketing and Initial Distribution of Coins ....  useful early on, there are many ways to achieve this without depending on it long-term.
3) Advancing Technology?   Perhaps, but I contend that we are a long way from being a driving factor in general purpose advancements.  The profits available are already sufficient to motivate the best talent to improve general purpose computing (CPU/GPU/RAM).
4) .... ??? ....

The Cons of Mining:
1) Leads to centralization due to economies of scale.
2) Distribution method causes Amazon and DO to profit from the issuance rather than the developers.
3) Favors Botnets and encourages this kind of crime.
4) Can be a easy point of control for governments.

The Cons of Proof-of-Stake?
1) How to distribute coins?  Many options here.
2) Variable transaction volumes make confirmation time unpredictable?
3) Difficult to pre-verify chain by block-headers alone.
4) ???
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Beetle559 on November 30, 2013, 09:39:49 am
I'm damn glad I saw your presentation in Atlanta, too many others are focused too much on bitcoin. I want to see what else can be achieved with these magic crypto powers and would hate to miss the boat.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: glitchboy on November 30, 2013, 11:22:33 am
Have a look at Nxt: https://bitcointalk.org/index.php?topic=345619.0
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on November 30, 2013, 02:29:17 pm
Nxt looks very interesting.


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on November 30, 2013, 09:29:25 pm
This is a very good idea, and I think the result would be a secure and reliable network. However, you still have to figure out how to distribute the coins. My biggest question is: what blockchain do you want to try to use this for?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: ruletheworld on November 30, 2013, 09:42:04 pm
This is a very good idea, and I think the result would be a secure and reliable network. However, you still have to figure out how to distribute the coins. My biggest question is: what blockchain do you want to try to use this for?
ProtoShares of course :)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on November 30, 2013, 09:55:27 pm
This is a very good idea, and I think the result would be a secure and reliable network. However, you still have to figure out how to distribute the coins. My biggest question is: what blockchain do you want to try to use this for?
ProtoShares of course :)
So, are we looking at another hard fork in ProtoShares?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on November 30, 2013, 09:56:28 pm
No


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Pocket Sand on December 01, 2013, 07:23:59 am
Quote
The Cons of Proof-of-Stake?
1) How to distribute coins?  Many options here.
This is quite a bit of a question really. Mining works to distribute coins efficiently and allows anyone (with varying amount of course) to actually create the coin free and anonymously. One of the foundations promised of Bitshares is that it will be decentralized, I am not sure why you feel the need to take the initial foundation of incentivised mining out of Bitshares rather than focusing on more logistics of the idea of Bitshares as a whole.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: ebit on December 01, 2013, 07:43:25 am
I love pos
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: coolspeed on December 01, 2013, 09:12:43 am
On bitcoin system, miners contribute hash powers the DAC needs, than the DAC taxes by inflation from the share(coin) holders to purchase the hash power. All this process is a fair business.

In the case of Transactions as POS,I am worrying whether there will be a rational issue Model.

Though, I really appreciate your effort on the thinking of all the Merged Mining, vesting, proposing decentralization, etc.

May you make it.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: smiley35 on December 01, 2013, 09:18:50 am
Have a look at Nxt: https://bitcointalk.org/index.php?topic=345619.0

Did you get paid to put this here? They are only giving them out to people that "promote" the coin on other forums.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: glitchboy on December 01, 2013, 11:58:48 am
Have a look at Nxt: https://bitcointalk.org/index.php?topic=345619.0

Did you get paid to put this here? They are only giving them out to people that "promote" the coin on other forums.
No, I didn't. I posted it there because Nxt is Proof-of-Stake-only coin.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 12:13:42 pm

On bitcoin system, miners contribute hash powers the DAC needs, than the DAC taxes by inflation from the share(coin) holders to purchase the hash power. All this process is a fair business.

In the case of Transactions as POS,I am worrying whether there will be a rational issue Model.

Though, I really appreciate your effort on the thinking of all the Merged Mining, vesting, proposing decentralization, etc.

May you make it.

Coins have already been issued via mining if you want to call that rational. 


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: td services on December 01, 2013, 04:41:22 pm
Mining coins makes sense as a byproduct of a productive activity of a DAC, say providing encrypted wireless mesh networking bandwidth, or providing encrypted network storage space in a Tahoe-LAFS public cloud, but otherwise seems to be a senseless waste of resources. The mining aspect of Bitcoin didn't really make sense to me when I first learned about it (when it was at .10 USD), which kept me from being an early adopter at the time.

NXT has a proof of stake in development, but Mastercoin-Exodus and Bitshares have a much more professional organization as projects.

I've been through 4 different methods of coin distribution: Giveaway with huge amount held in reserve by originators- Ripple; Purchase during public offering with deadline, no cap limit - Mastercoin; Mining - Protoshares; and Public Offering with no deadline or capitalization limit posted - NXT. Of the 4, Mastercoin, with the simple purchase of shares with a set deadline and schedule of early adopter bonuses has been by far the best.

From this experience, I would favor methods including awarding bitshares to developers for work, IPOs with set deadlines or capitalization limits and bonuses for early participants, and additional creation and payment of bitshares such as providing useful computational work related to the purpose of the DAC, provision of storage space, or supplying network bandwidth. Dividends from the DAC may awarded according to Proof of Stake or maybe it would be preferable to just let the value of the shares appreciate to avoid creating a tax liability.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 05:10:16 pm
Can anyone find details on nxt proof of stake.


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Pocket Sand on December 01, 2013, 05:14:11 pm
Mining coins makes sense as a byproduct of a productive activity of a DAC, say providing encrypted wireless mesh networking bandwidth, or providing encrypted network storage space in a Tahoe-LAFS public cloud, but otherwise seems to be a senseless waste of resources. The mining aspect of Bitcoin didn't really make sense to me when I first learned about it (when it was at .10 USD), which kept me from being an early adopter at the time.

NXT has a proof of stake in development, but Mastercoin-Exodus and Bitshares have a much more professional organization as projects.

I've been through 4 different methods of coin distribution: Giveaway with huge amount held in reserve by originators- Ripple; Purchase during public offering with deadline, no cap limit - Mastercoin; Mining - Protoshares; and Public Offering with no deadline or capitalization limit posted - NXT. Of the 4, Mastercoin, with the simple purchase of shares with a set deadline and schedule of early adopter bonuses has been by far the best.

From this experience, I would favor methods including awarding bitshares to developers for work, IPOs with set deadlines or capitalization limits and bonuses for early participants, and additional creation and payment of bitshares such as providing useful computational work related to the purpose of the DAC, provision of storage space, or supplying network bandwidth. Dividends from the DAC may awarded according to Proof of Stake or maybe it would be preferable to just let the value of the shares appreciate to avoid creating a tax liability.

People who preferred Mastercoin were the ones who could buy in early. By giving these away directly you are setting up a system looking more identical and centralized like Mastercoin as well... When you only cater to people who have the money the coins will end up in the hands of not nearly as many people.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 05:25:54 pm
Mastercoin lacks liquidity and publicity of being a tradable coin.   It has inefficient price discovery because those early investors were in it for the long haul.  It is also hard for Chinese to participate in. 

All of that said a premine coin sold into existence like mastercoin secured by mining may be the best of all. 




Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Pocket Sand on December 01, 2013, 05:32:03 pm
Well as I was lead to believe Mastercoin's main difference from Bitshares is that Bitshares is actually decentralized, but if it is being premined and distributed, that takes out basically the point of calling Bitshares truly decentralized.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 05:41:55 pm
All systems start out centralized including bitcoin and proto shares.   

Decentralized is all about control and is something that is achieved as a system matures. 

Without our vc funding which is centralized protoshares would not have raised enough money for us to deliver. 

Most major undertakings require centralization of capital.   I know no open source projects that did not start life centralized. 




Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Pocket Sand on December 01, 2013, 05:59:52 pm
Bitcoins was in the least sense of the word: Centralized.
Satoshi developed the software over a year and a half and allowed other developers to aid him completely open source.

On the other hand you're talking about controlling the money supply.

So is the plan at the moment to begin like Mastercoins and have a sell off of coins from Invictus? If so will you be selling the coins relative to the market price of Protoshares?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 06:01:46 pm
No that is not our plan for bitshares because we do not need to raise capital for bts.


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Pocket Sand on December 01, 2013, 06:06:43 pm
Quote
All of that said a premine coin sold into existence like mastercoin secured by mining may be the best of all. 
No that is not our plan for bitshares because we do not need to raise capital for bts.


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)

So is bitshares at the moment still planned to be traditional mining for generation of new coins? I apologize I might have been thrown off by the thread's earlier discussion.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 06:08:33 pm
If theory in the OP holds it will be proof of stake where initial stake is determined by pts


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 01, 2013, 06:10:27 pm
How will new BTS come into existence after the initial release? Or will they all just be based from PTS?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 06:11:54 pm
If proof of stake can work on its own then why would we need new coins.  I want to maximize bts value. 


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Pocket Sand on December 01, 2013, 06:13:57 pm
In that case do you still think you would offer dividends on Bitshares?

Phoenix: If you're interested read up on current Proof-of-Stake methods work to see how they distribute their coins, Peercoin is the largest by far right now.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 06:22:10 pm
Dividends come from trx fees and would still exist. 


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 01, 2013, 07:19:08 pm
Phoenix: If you're interested read up on current Proof-of-Stake methods work to see how they distribute their coins, Peercoin is the largest by far right now.

Thanks, I think I have a general idea of how Peercoin does it, but it looks like Bytemaster will be doing it differently, with all the Bitshares released at the start, based on Protoshares.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 07:24:24 pm
I am really looking for attacks on my pos system


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 01, 2013, 08:13:28 pm
So the basic idea is that the more coin-days destroyed in a given block, the lower the difficulty. But even if someone had enough computing power to find blocks that only destroyed a few coin-days, their chain would still be rejected, because proof of stake is used as the primary judge of chain size, not proof of work. Therefore, the fastest growing chain will be the one that includes the most transactions, which keeps the network healthy. The only flaw I can find is the possibility of somebody finding a way to factor public keys to derive the private keys, but I think we can all agree that if this happens, we have much bigger problems to deal with.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 01, 2013, 08:16:19 pm

So the basic idea is that the more coin-days destroyed in a given block, the lower the difficulty. But even if someone had enough computing power to find blocks that only destroyed a few coin-days, their chain would still be rejected, because proof of stake is used as the primary judge of chain size, not proof of work. Therefore, the fastest growing chain will be the one that includes the most transactions, which keeps the network healthy. The only flaw I can find is the possibility of somebody finding a way to factor public keys to derive the private keys, but I think we can all agree that if this happens, we have much bigger problems to deal with.

Exactly


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: WaPTS on December 02, 2013, 02:25:00 am
I am really looking for attacks on my pos system


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
can we develop a system to avoid the 51% attack totally , I have some thinking , in democratic society, one person have  larger  power and he only have one vote,  a node have larger power of hash ,it is only mean  he have the larger capacity for mining,  not the larger power of main chain,
we can think as following
1. one node cannot find two continuous bolck
2. the difficulty of every node is different,  for example if the node not find the bolck in 10min , the difficulty is same as the normal  difficulty, but if the node can one bolck in 10 min the difficulty become the 2*normal difficulty ,  if find 3 bolck in 10min ,the difficulty become the 4*normal difficulty , and so on ,   if we need to 6 bolck confirm , though a man have 51% power of hash , he also cannot carry out 51% attack.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 02, 2013, 03:02:19 am
I am really looking for attacks on my pos system


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
can we develop a system to avoid the 51% attack totally , I have some thinking , in democratic society, one person have  larger  power and he only have one vote,  a node have larger power of hash ,it is only mean  he have the larger capacity for mining,  not the larger power of main chain,
we can think as following
1. one node cannot find two continuous bolck
2. the difficulty of every node is different,  for example if the node not find the bolck in 10min , the difficulty is same as the normal  difficulty, but if the node can one bolck in 10 min the difficulty become the 2*normal difficulty ,  if find 3 bolck in 10min ,the difficulty become the 4*normal difficulty , and so on ,   if we need to 6 bolck confirm , though a man have 51% power of hash , he also cannot carry out 51% attack.

There is no way to identify nodes, all we have is 'information'.   Difficulty is irrelevant because proof-of-stake determines longest block and nodes cannot cheat this.   Just like any company where a shareholder who owns 51% of the stock can do anything they want (more or less), the same applies to DACs.   There is no way around the 51% ownership attack in a world subject to sybil attacks.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: td services on December 02, 2013, 03:25:25 am
Can anyone find details on nxt proof of stake.

Code is supposed to be released 1/3/14. Parts may be requested for review and some snippets are posted at https://bitcointalk.org/index.php?topic=352286.0
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 02, 2013, 04:19:15 am
Can anyone find details on nxt proof of stake.

Code is supposed to be released 1/3/14. Parts may be requested for review and some snippets are posted at https://bitcointalk.org/index.php?topic=352286.0

So no white papers... closed development... grrr.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: td services on December 02, 2013, 04:16:29 pm
Can anyone find details on nxt proof of stake.

Code is supposed to be released 1/3/14. Parts may be requested for review and some snippets are posted at https://bitcointalk.org/index.php?topic=352286.0

So no white papers... closed development... grrr.

Yes, I liked the idea in the intro of distributed ebay type markets and wanted to invest a little, but the project seems kinda squirrely.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 02, 2013, 07:36:58 pm
I am trying to determine if trx fees can be used as a metric to limit block production rather than mining difficulty.  Trx fees are paid as dividends and thus 'lost' and if you increase the minimum fee per block you would slow down block production just like increasing mining difficulty. 

Every transaction that cares about being confirmed rapidly would include fees.  These fees just serve to limit the production rate without waisting CPU power on mining.  The best chain is still decided by coin-days destroyed. 

You could then have a fixed 'minimum mining difficulty' used to determine settle cases where multiple people generate transactions at the same time.   So the process is, generate trx, add it to block, check to see if min fee has been reached, if so hash block, and 1 in 100 chance that it will meet the minimum difficulty.   

So now the higher the transaction fees the more expensive it becomes to generate empty blocks and alternative chains.   

Just some thoughts, looking for feedback.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 02, 2013, 08:57:23 pm
I am trying to determine if trx fees can be used as a metric to limit block production rather than mining difficulty.  Trx fees are paid as dividends and thus 'lost' and if you increase the minimum fee per block you would slow down block production just like increasing mining difficulty. 

Every transaction that cares about being confirmed rapidly would include fees.  These fees just serve to limit the production rate without waisting CPU power on mining.  The best chain is still decided by coin-days destroyed. 

You could then have a fixed 'minimum mining difficulty' used to determine settle cases where multiple people generate transactions at the same time.   So the process is, generate trx, add it to block, check to see if min fee has been reached, if so hash block, and 1 in 100 chance that it will meet the minimum difficulty.   

So now the higher the transaction fees the more expensive it becomes to generate empty blocks and alternative chains.   

Just some thoughts, looking for feedback.

So every block needs to have a minimum amount of transaction fees. Wouldn't this cause block production to slow down when transactions slow down?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: praxeologist on December 02, 2013, 09:22:15 pm
I'm trying to understand all of this... I think I read elsewhere that half of the transaction fees will be paid as dividends split up amongst all holders of coins and half will be paid to the miner along with a block.. or that was just an idea, not sure.

Quote
Trx fees are paid as dividends and thus 'lost'

Why is that "lost"?

--

I think maybe this idea is okay if I understand part of it. You might want to explain in the beginning of your paper what "coin-days-destroyed" is because I wasn't familiar with this jargon.

Why is the best chain decided by CDD? You mean because people are using the currency in transactions more than just mining and sitting on them waiting for their price to go up?

How do you decide a minimum mining difficulty, just something arbitrary like coins not incurring time until after the first 24 hours as mentioned in the paper?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 02, 2013, 10:04:23 pm
I am trying to determine if trx fees can be used as a metric to limit block production rather than mining difficulty.  Trx fees are paid as dividends and thus 'lost' and if you increase the minimum fee per block you would slow down block production just like increasing mining difficulty. 

Every transaction that cares about being confirmed rapidly would include fees.  These fees just serve to limit the production rate without waisting CPU power on mining.  The best chain is still decided by coin-days destroyed. 

You could then have a fixed 'minimum mining difficulty' used to determine settle cases where multiple people generate transactions at the same time.   So the process is, generate trx, add it to block, check to see if min fee has been reached, if so hash block, and 1 in 100 chance that it will meet the minimum difficulty.   

So now the higher the transaction fees the more expensive it becomes to generate empty blocks and alternative chains.   

Just some thoughts, looking for feedback.

So every block needs to have a minimum amount of transaction fees. Wouldn't this cause block production to slow down when transactions slow down?

Yes it would slow down block production, but anyone who cares about rapid block production can pay a fee to speed it up.  I think BTS will be more likely suffer from too many transactions due to the built in exchange and limited block size.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 02, 2013, 10:54:37 pm
I'm trying to understand all of this... I think I read elsewhere that half of the transaction fees will be paid as dividends split up amongst all holders of coins and half will be paid to the miner along with a block.. or that was just an idea, not sure.

Quote
Trx fees are paid as dividends and thus 'lost'

Why is that "lost"?

--

I think maybe this idea is okay if I understand part of it. You might want to explain in the beginning of your paper what "coin-days-destroyed" is because I wasn't familiar with this jargon.

Why is the best chain decided by CDD? You mean because people are using the currency in transactions more than just mining and sitting on them waiting for their price to go up?

How do you decide a minimum mining difficulty, just something arbitrary like coins not incurring time until after the first 24 hours as mentioned in the paper?

When I say they are lost I mean that 'destroying coins' causes equal economic transfer of wealth as a dividend payment.   With proof-of-stake there would be no mining rewards and thus 100% of transaction fees are 'destroyed' and paid as dividends. 

The only remaining purpose for 'mining' is to decide who gets to broadcast the next block.  This mining is still waisted mining that consumes electricity and opens the door for people to attack.  If we switch the metric to total trx fees then the individual who publishes the transaction that pushes it over the threshold is the one that gets to publish the block.  In this case the 'proof-of-work' is the transaction fee (paid as dividend). 

So the question then becomes what is the minimum transaction fee?   I think it could be 1% of the money supply per 100 GB of block chain data (1 year).   You are really paying for storage space in the block chain and that is independent of the content of the transaction.   The minimum fee can then be used to make sure that no more than 100 GB of blocks are generated per year.  If blocks are coming too quickly that means transaction volume is too high and fees should go up. 

Given two chains, the 'best chain' is the one with the most coin-days-destroyed.  Ties go to the chain with the lowest money supply.  When a block is assembled it should include the transactions with the most coin-days destroyed first (for security) and then highest fees second.

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 04, 2013, 11:58:04 pm
The proof-of-stake algorithm that uses coin-days-destroyed to identify the 'best chain' works for security, but is missing one benefit of mining: decentralized decision on who creates the next block and when it should be created.   

There needs to be a way to prevent an attack on the network by the constant generation of 'better blocks' that replace the current head block.
   - this could cause new transactions to 'waist' their confirmation efforts on orphan blocks and thus weaken the coin-days destroyed on the main block.
   - this could in theory prevent any new blocks from ever being added.   

The first step in this process is to solve the problem of who should be allowed to broadcast a block.  In bitcoin any block that meets the proof-of-work may be broadcast, but under proof-of-stake there is no similar metric.   I would like to propose the following set of solutions:

1) A block may only be produced by the signer of the input with the most coin-days destroyed.
2) A block must meet the minimum transaction fee threshold which is adjusted to control the rate at which blocks are produced.
3) A given output may only be used to broadcast once.
4) The creator of the block receives a percentage of the transaction fees proportional to their fraction of the coin-days destroyed in the block.

Lets see if this prevents attacks:
1) To control the production of blocks you must regularly destroy more coin-days per block than anyone else.  This is a significant limit.
2) To maximize profits you must include as many transactions with fees as possible
3) To insure you receive the transaction fees you must make sure your block destroys as many coin-days as possible or someone else could replace it (if they destroy more coin-days than you did) and then collect all of the fees. 
4) To broadcast a block, you must have a stake in that block and pay a transaction fee so this limits potential broadcasters to at most 4000 that might have a transaction in the block.  It is further limited to those with a large stake and finally limited by the need to collect enough fees.

Potential Problems:
1) Someone could broadcast a transaction that destroys a large number of coin-days and then refuse to broadcast a signed block.  In this case the transaction would have to be removed from the set of included transactions.   This would happen automatically 1 minute after a normal node would have signed and broadcast a block and the 2nd place input would become the 'first-place' input and sign the block.   

What have we achieved?
1) globally unique, expensive, one-time, deterministic selection of who has permission to broadcast a block.
2) financial incentive for this node to include as many transactions as possible in order to maximize their block reward
3) financial incentive to include as many coin-days destroyed as possible to minimize the risk of their block being orphaned and losing fees
4) automatic fail-over in the event the expected signer fails to deliver a block as expected.
5) minimum fee threshold to prevent creating blocks that don't pay the expected dividends and limit the block production rate.

So given these rules how would you take over the network for a profit?
 

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 05, 2013, 04:36:06 pm
I think the whole concept of using transactions to secure the network is a little risky, especially during the infancy of a crypto. While there are not many transactions, the network is vulnerable. If everybody is sitting on their Bitshares, the first one to move will have a disproportionate influence. Conversely, after busy trading periods, the network will be depleted in CD because of the delay on CD regeneration after transactions. The network will be more vulnerable then as well.

The first flaw I can see in your proposal is related to this: if you only reward the biggest destroyer of CD, then you implicitly penalize the smaller. So to maximize their gains, the others will just keep their CD by hoarding old coins and spending new coins. Meanwhile the network destroys fewer coins and the network is insecure. You need to provide an incentive or a mechanism to ensure there will always be a steady flow of CD. If CDD fluctuates, the blockchain security is lowered, as periods of lower CDD are opportunities for cheap attacks.

Another thing to consider in your latest proposal is that it introduces a single point of failure (the broadcaster), even though you planned some backups.

It is quite vulnerable to a DOS attack. If an attacker were to score all the highest transactions in terms of CDD, he could delay the chain for long. The more fragmented the legitimate transactions are, the cheaper it is to attack the network.

So I think you should not restrict who can broadcast using such a serial scheme.

The issue with CDD in transactions is that they do not completely meet the non-reusability requirement that is necessary in PoW schemes, and probably in all blockchain structures. Transactions are tied to the previous block, but it does not matter what block they are included in, they are always valid. As a result it is trivial and cheap to generate a better block by simply adding a transaction to the original block. I think you need a way to make transactions depend on each other for this to work properly.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 05, 2013, 05:43:37 pm
arkanaprotego,
   Thank you for your response.   Let me see if I can address some of them and find enhancements.

1) People make transactions for the sake of the transaction, there is no need to reward them because they are already paying a fee for their transaction.  As a result choosing to reward the largest CDD (coin-days-destroyed) holder for hanging around to sign the block does not bother the others.

2) CDD variance does affect confirmation times, but does not affect security.  The reason is that security is defined in terms of CDD and not in terms of blocks.  So if there are many small blocks with low CDD then you may have to wait longer.  The good news is that some times you only have to wait 1 block if a large number of CDD are destroyed.  Thus, on average you will wait 1 hour for confirmations, but it could be 10 minutes or it could be 2 hours.   The better news is that you can use your own CDD to accelerate confirmation if you need it quickly. 

3) The DOS attack you mention is easily countered by the existing financial incentives.  If it appears the #1 CDD holder isn't going to sign in a timely manner, the #2 CDD holder will automatically attempt to claim, then the #3 CDD holder, etc...  The outputs that attempted the DOS would be flagged and not included in new blocks by any other node which would force the owner of those outputs to eventually sign a block with them or never be able to spend them.   This flagging process would have to be carefully designed to prevent honest nodes suffering from network latency from being punished, but I am sure there is a metric that will have few false positives.

4) Infancy... the great thing about POS is that your security isn't defined by blocks but by CDD.   Early stake holders can set up automated scripts to periodically provide CDD and those creating transactions can accelerate the CDD confirmations by paying fees to motivate CDD destruction.   Essentially, every honest node looking to earn extra dollars can monetize their CDD.   
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 05, 2013, 08:49:20 pm
bytemaster,

Thank you for your clarifications, but I am not sure you can neglect time that easily when considering security.

1) The best usage of your CD is still to spend them when you are the most certain that you will be the biggest CD destroyer.

3) Let me try another, more graphic attack to show some issues and try to solve them.
I have 34% of the coins. I don't move them for a year, to get the maximum CD out of them. Then I transfer them all to myself. I am most likely the biggest destroyer of CD in the block. I don't sign it. Now 4 sub-cases:
a) You ban my output and start another block without it. Right after that, I broadcast my signed block. Now all the new nodes that are plugged into the network and were not there when you banned me will follow me, because I have the chain with the biggest CDD, and you cut yourself from it. They can also not trust your ban, since you look like the attacker.
b) You don't ban it and start another block without it. I wait for a year. During this year, the average coin is moved every 2 days. With the 1 day delay after each transaction, your 66% coins generated and destroyed less CD than my 34% had then. I publish the block I had saved, and instantly reverse 1 year of transactions. Note that the more you move your coins, the less I need coins.
c) You don't ban it and include it in your next block, signed by #2 CD destroyer. You are quite sure to be in the longest chain of CDD and I have lost all my CD, unless... I publish the block, which is what you wanted me to do in the first place. I must do it fast, because if I wait too much, you will add more transactions to your chain and your chain will be longer in CDD than I can make mine.
d) Same as c, but I lied and I actually had 40% of the coins. After you start on your version of the block with my 34%, I wait until you destroy nearly as much as my remaining 6% are worth in CD, and publish a block with my 6%. This might take long or not, depending on the volume of transactions.

Long story short, I think the delay on CD regeneration is dangerous, because it creates distortions that can be exploited both ways, and that counting security in CDD is quite impractical if CD are not destroyed linearly, as it exposes you to forks originating far in the past. If C coins have not moved since a date T, and CDD(T, now) coin-days have been destroyed between date t and now, then the chain can be forked back to its state at t by someone who controls the coins if:
CDD(t, now) < C*max(now-T, 1 year)
To prevent this, CDD must be high. However, due to the delay, it is faster to generate unspent CD than to destroy CD.
With no delay though, the fork that accumulates CDD at a faster rate is always the one that has the most coins backing it. If these CD were spent automatically, they would prevent forks, as well as the accumulation of CD required for a fork.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 05, 2013, 10:14:06 pm
bytemaster,
Thank you for your clarifications, but I am not sure you can neglect time that easily when considering security.

1) The best usage of your CD is still to spend them when you are the most certain that you will be the biggest CD destroyer.
Assuming you want to take on the role of securing the network, rather than just 'using the network' which is what 99% of users will be doing.  They may randomly profit when they happen to have the most coindays destroyed (because it is their first trx in a year).   So lets assume there is a certain base level of CDD providing security regardless of any other financial incentive.

3) Let me try another, more graphic attack to show some issues and try to solve them.
I have 34% of the coins. I don't move them for a year, to get the maximum CD out of them. Then I transfer them all to myself. I am most likely the biggest destroyer of CD in the block. I don't sign it. Now 4 sub-cases:
a) You ban my output and start another block without it. Right after that, I broadcast my signed block. Now all the new nodes that are plugged into the network and were not there when you banned me will follow me, because I have the chain with the biggest CDD, and you cut yourself from it. They can also not trust your ban, since you look like the attacker.
b) You don't ban it and start another block without it. I wait for a year. During this year, the average coin is moved every 2 days. With the 1 day delay after each transaction, your 66% coins generated and destroyed less CD than my 34% had then. I publish the block I had saved, and instantly reverse 1 year of transactions. Note that the more you move your coins, the less I need coins.
c) You don't ban it and include it in your next block, signed by #2 CD destroyer. You are quite sure to be in the longest chain of CDD and I have lost all my CD, unless... I publish the block, which is what you wanted me to do in the first place. I must do it fast, because if I wait too much, you will add more transactions to your chain and your chain will be longer in CDD than I can make mine.
d) Same as c, but I lied and I actually had 40% of the coins. After you start on your version of the block with my 34%, I wait until you destroy nearly as much as my remaining 6% are worth in CD, and publish a block with my 6%. This might take long or not, depending on the volume of transactions.
I think there was a misunderstanding here... when I said 'ban' I mean I just don't include the transaction in the block I produce, though anyone with more CDD is able to include that transaction.   Considering Orphans are not really an issue, anyone in the top 5 CDD inputs from unique transactions could strip out the largest transaction and broadcast all at the same time.  The network will ultimately accept the block with most CDD regardless of which of the top 5 broadcast.   

Long story short, I think the delay on CD regeneration is dangerous, because it creates distortions that can be exploited both ways, and that counting security in CDD is quite impractical if CD are not destroyed linearly, as it exposes you to forks originating far in the past. If C coins have not moved since a date T, and CDD(T, now) coin-days have been destroyed between date t and now, then the chain can be forked back to its state at t by someone who controls the coins if:
CDD(t, now) < C*max(now-T, 1 year)
To prevent this, CDD must be high. However, due to the delay, it is faster to generate unspent CD than to destroy CD.
With no delay though, the fork that accumulates CDD at a faster rate is always the one that has the most coins backing it. If these CD were spent automatically, they would prevent forks, as well as the accumulation of CD required for a fork.

We need to be very careful when looking at attacks to see what harm can be done... lets start with a very basic premise:

1) Nodes that are connected continuously to other nodes in many continents will see any fork of sufficient age as suspect.  They should not automatically switch to the chain with more CDD simply because it has more CDD.  After all, if all of the nodes on the main chain see this they could simply 'counter' with a few transactions that 'fix' the problem making the public chain the longest again.  I think any fork more than an hour old without any obvious network issues has a higher burden of proof. 

Lets assume that there is no delay in CD accumulation then an attacker with 1/50,000 of the money supply could spend enough CDD every other block to build 50% of the blocks on average. Putting a delay before CD start accumulating of 100 blocks means the attacker would only have 1% influence on block production assuming 1/50,000 of the money supply. 

Note a 51% attack on any proof-of-work network is possible if the attacker has access to 5% of the money supply, even Bitcoin.   5% of the money supply is enough to purchase 51% of the hash power.  $600 million could buy you a 51% attack on bitcoin.  So I think for the purpose of evaluating POS we should only consider attacks that are possible with less than 5% of the money supply otherwise it is an unfair comparison.

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 05, 2013, 11:53:17 pm
Ok so in keeping with the DAC metaphor I have realized an entirely new perspective on Proof-of-Stake.  Every shareholder is given one vote per block per share toward establishing a global consensus.   As a result shareholders must vote to the best of their knowledge and not simply vote how everyone else is voting.  The premise here is that in a well connected network there should be no 'big surprises' and thus everyone will have seen everything.  The chances of something you haven't seen being legitimate are very small.

When a new node connects it connects to friends and family as well as well known public nodes and trusts them first. 

If there is a 'dispute' among the shareholders as to which chain is legitimate, many big players get off the sidelines and vote. 

So like Ripple can reach consensus without proof of work, shareholders can also reach consensus without proof of work.  In the short term (1-3 blocks) shareholders vote by largest proof-of-stake, in the long term they vote with what they have known the longest.

To control such a network requires a majority of shareholder votes.   

In the mean time if there is a 'dispute' resulting in a chain-fork, then nodes can follow both forks and include transactions in both forks.  You can consider your transactions 'confirmed' in such a case as long as they are valid on both forks.  Eventually one fork will gain enough of a lead that the other fork stops growing and dies off due to lack of votes and therefore inability to add new blocks. 

I suppose in the event of a chain fork there is also the concept of 'new CDD' and 'used CDD' where 'new CDD' is any CDD older than the fork itself and 'used CDD' is CD earned on the fork.  This alternative measure could also be used to see if a fork is gaining acceptance from new users or simply supporting itself with its own CD.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 06, 2013, 10:50:19 am
Indeed, I think that vote by shares is the way to go. I am just unsure that spontaneous transactions are the best proxy for shares held, as it can be tightly coupled, but also completely decoupled. At the very least there should be an automated safety mechanism to try and reestablish dominance of your branch by destroying CD, should it become the shortest one, if you have been on that branch for long. I don't think most users would be able to override the detection of the longest chain to keep spending more CD on the legitimate branch.

PoS and PoW have similarities: if you want more power, you have to invest, either in ASIC or in shares. But then, unlike CD, hashrate cannot be saved for later. I think it would be nice to mimic this property, by having CD spent continuously on the branch you follow, like hashing power. Your idea of using transactions seems valid, and IMO is a generalization of PPCoin's PoS mining special transactions. What I propose is a reward for all destroyers of coin-days, proportionally to their coin-days destroyed, to reward them for securing the network, and the removal of the delay for CD regeneration, not to penalize transactions. What it means is that CDD/day is constant and equal to the number of coins that endorse a branch by "PoS mining" or spending on it, which is what you wanted to achieve with "votes by shares". As long as the main branch maintains more than 50% of the coins always "PoS mining" (EDIT: by honest nodes), your branch cannot be forked.

Quote
Lets assume that there is no delay in CD accumulation then an attacker with 1/50,000 of the money supply could spend enough CDD every other block to build 50% of the blocks on average. Putting a delay before CD start accumulating of 100 blocks means the attacker would only have 1% influence on block production assuming 1/50,000 of the money supply. 

Sorry I lost you there... You mean both the attacker who has 1/50,000 and the rest of the network that has 49,999/50,000 have the same influence? Unless I missed something, I think no delay only means that whoever has the most money wins, which seems fair in this kind of situation. If someone has more than 50% of the money then something is rotten in the Decentralization.

If I understood your paper well, I think your motivation to introduce the delay was to protect about people owning too many coins. But as you said yourself, if this happened, then any network would be vulnerable.

Unrelated remark:
Quote
Assuming you want to take on the role of securing the network, rather than just 'using the network' which is what 99% of users will be doing.  They may randomly profit when they happen to have the most coindays destroyed (because it is their first trx in a year).   So lets assume there is a certain base level of CDD providing security regardless of any other financial incentive.
No, this is just what an optimized client would do. Sooner or later it will be available to the public.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 06, 2013, 11:18:37 pm
Here is one additional detail that can be used to evaluate forks:  the only CDs that count toward confirming a fork are CDs earned prior to the fork.  In other words, a fork cannot confirm itself by re-spending coin-days earned after the fork.   

This particular metric is a bit tricky to maintain, but is possible to calculate.   

I also believe that this is the key to preventing CDs from being reused constantly.... you can start accumulating CD immediately after you destroy them, but if you spend them again too soon they do not count.   I think we can define 'too-soon' as before 3-4x as many CDs have confirmed your original CDD.   So, if you control 1% of the money supply and thus destroy a lot of CD at once, you have to wait until another 4% of the money supply confirms your CDD before your new CD fully vest.   In summary, CD must vest prior to being spent.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 07, 2013, 04:12:20 am
Having to let CDs vest sounds reasonable, since that would also prevent people from spamming the network with transactions to themselves.

However I don't see the need to prevent CDs from being reused constantly, it is their purpose. I think there might be some confusion about the temporal aspect of CDs, as you seem to view coin-days only as a resource that accrues in the hands of stakeholders and that can be engineered at will.

The original idea behind coin-days is to measure how many coins back each side of the fork. A coin is detected as supporting a chain when a transaction involving this coin is added to that chain. However, if we simply summed transaction volumes, fast circulating coins would have a disproportionate weight compared to slower circulating ones, and this could trivially be exploited. So we create a new metric by weighting each transaction by (age of the coin at the moment of the transaction)/(time since reference, ex.: genesis), which ensures that all coins have a weight equal to their value, to vote by transactions on what happened between the reference time and now (because the sum of the ages of the coin at the moments of the transactions is equal to the time elapsed since the reference). Since the time since the reference is present in all weights, you can simplify the expressions by multiplying by it everywhere, and you are left with coin-days as vote weights. This is where coin-days come from.

Given expression of coin-days, the rate at which coins accrue coin-days is constant (1/coin/day), and attempts to alter it will break the proportionality between vote value and coin value if the last equality is not verified  (e.g.: with delay, the sum of weights depends on the number and spacing of transactions).
Also notice that it is tricky to use the timestamp of the fork as a reference time, since it won't exactly match transaction dates for most of the coins. As a consequence, right after the fork, branches start with non-zero and most likely non-equal supplies of CDs. In other words, one chain might have a substantial head-start.

My proposal to address this is to force the spending of CDs regularly, so that branches will always start with close to 0 CDs. This can be done by capping coin age to 1 day and by rewarding everybody for destructing their CDs. Under these conditions, the longest branch is automatically the one in which the alive nodes own the most wealth. It also prevents attackers from accumulating CDs in secret (or accumulating CDs at all).

If you really do not want to automate the destruction of CDs, another way to do would be to implicitly reset coin-days at the fork, by not counting CDs accrued before the fork.
Is it what you wanted to suggest? If you really meant not counting CDs accrued after the fork, your metric to evaluate forks would fail to confirm the right branch if the attacker has more CDs when they initiate the attack. And I think it is the only case when an attacker would bother to start a fork, or the fork could be annihilated instantly by the users of the main branch, provided they are programmed to destroy more CDs in case of a forking attempt.

If you go with the second solution (I think the first one does not really need it, but it might still be safer to do it regardeless), it would be nice to prevent CDs from the same outputs from being destroyed in several chains, as it would reduce the gap between the two chains.
The goal is to prevent honest nodes from irreversibly supporting the attack in good faith, if they mistake an attack for the rightful chain during the time it takes the main chain to reestablish its dominance.
A soft way would be to add a rule to the honest clients so they don't reuse outputs.
Title: Re: Transactions as Proof-of-Stake &amp; The End of Mining
Post by: bytemaster on December 07, 2013, 05:22:53 am
CD can only apply to one chain at a time. So I think we are on the same page. 

I agree vesting would take influence from people transacting every block and give it to savers.   An attacker would then have to hold his coins longer. 

I think we have something.




Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 07, 2013, 12:10:48 pm
Quote
CD can only apply to one chain at a time. So I think we are on the same page. 
Can they? I think this can be enforced, but by default it isn't, since coin age depends on the date of the last transaction, which depends on which chain you are on. After a fork, coins accumulate CDs on every chain, which is something PoW does not have to deal with.

Quote
I agree vesting would take influence from people transacting every block and give it to savers.   An attacker would then have to hold his coins longer. 
I think I see where we differ finally :)
You base your analysis on an opportunist attacker looking for an easy profit, while I base mine on a malevolent powerful entity that just looks to destroy the network. Is that it?
So in consequence you create economic deterrents while I just look to make the requirements as high as possible (owning half of the money supply).
I think both are valid concerns, but I still believe that my solution solves both.

The one question I have for you is: What is the benefit of allowing people to save CDs? If you just want to reward savers over spenders, I think we could just implement two types of CDs, security CDs (SCDs) and investment CDs (ICDs). Investment CDs can be calculated following the rules you set and be used to distribute dividends as you see fair, while security CDs follow my set of rules and are constantly spent in "security transactions" to the same address to secure the network. Just two ways of counting, I don't think the representation in the block chain has to be altered: make ICDs reset when sending to another address, and SCDs reset at any transaction. "Security transactions" don't even split the coins, which makes SCDs easier to track.
Spending SCDs continuously prevents attacks, and allowing ICDs to be saved rewards your long term investors: you get the best of both worlds.


Quote
I think we have something.
Not sure what you're thinking about, but I'll await it eagerly  :D
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Lighthouse on December 07, 2013, 03:17:07 pm
Here is one additional detail that can be used to evaluate forks:  the only CDs that count toward confirming a fork are CDs earned prior to the fork.  In other words, a fork cannot confirm itself by re-spending coin-days earned after the fork.   

This particular metric is a bit tricky to maintain, but is possible to calculate.   

I also believe that this is the key to preventing CDs from being reused constantly.... you can start accumulating CD immediately after you destroy them, but if you spend them again too soon they do not count.   I think we can define 'too-soon' as before 3-4x as many CDs have confirmed your original CDD.   So, if you control 1% of the money supply and thus destroy a lot of CD at once, you have to wait until another 4% of the money supply confirms your CDD before your new CD fully vest.   In summary, CD must vest prior to being spent.

Arkanaprotego mentioned earlier about how an optimized client would essentially "game" the system automatically.   What would just embracing this?  Can there be a "mining mode" that watches the network looking for advantageous opportunities to be the biggest spender in the network at that particular instant of opportunity?   I bet given the opportunity most people would do that instead of letting their coindays acrue and requiring them to time it manually.  Would this even be possible?  Seems like the client would need to monitor transactions being broadcast and when it identifies a lot of transactions smaller than its potential CDD available it opportunistically fires a TX to itself and attempts to claim the block.  Lots and lots of clients doing this on an ongoing basis would create a very level market if I read my incentives correctly.  Latency would be an issue, opportunities would be spotted by many and fired quickly.....   Either way, you see where I'm going here.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 08, 2013, 11:06:07 pm
Here is one additional detail that can be used to evaluate forks:  the only CDs that count toward confirming a fork are CDs earned prior to the fork.  In other words, a fork cannot confirm itself by re-spending coin-days earned after the fork.   

This particular metric is a bit tricky to maintain, but is possible to calculate.   

I also believe that this is the key to preventing CDs from being reused constantly.... you can start accumulating CD immediately after you destroy them, but if you spend them again too soon they do not count.   I think we can define 'too-soon' as before 3-4x as many CDs have confirmed your original CDD.   So, if you control 1% of the money supply and thus destroy a lot of CD at once, you have to wait until another 4% of the money supply confirms your CDD before your new CD fully vest.   In summary, CD must vest prior to being spent.

Arkanaprotego mentioned earlier about how an optimized client would essentially "game" the system automatically.   What would just embracing this?  Can there be a "mining mode" that watches the network looking for advantageous opportunities to be the biggest spender in the network at that particular instant of opportunity?   I bet given the opportunity most people would do that instead of letting their coindays acrue and requiring them to time it manually.  Would this even be possible?  Seems like the client would need to monitor transactions being broadcast and when it identifies a lot of transactions smaller than its potential CDD available it opportunistically fires a TX to itself and attempts to claim the block.  Lots and lots of clients doing this on an ongoing basis would create a very level market if I read my incentives correctly.  Latency would be an issue, opportunities would be spotted by many and fired quickly.....   Either way, you see where I'm going here.

This kind of a node would be very useful to network security, since it would only want to spend it's coin days on a legitimate blockchain. I could see people creating optimized versions of this node, that tracks what other nodes are doing, and then attempting to determine which addresses belong to a single node. The node could then have a better chance of being able to capture a block, since it could make a more informed decision about spending it's coin days
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 08, 2013, 11:19:15 pm
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 09, 2013, 02:12:20 am
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.

This could actually work at first, since the majority of people would vote for the most legitimate block available. But over time people would develop software to track who was signing legitimate blocks, and then be less likely to vote for new miners. Also, how do you propose we tell the difference between individuals?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 09, 2013, 04:18:43 am
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.

This could actually work at first, since the majority of people would vote for the most legitimate block available. But over time people would develop software to track who was signing legitimate blocks, and then be less likely to vote for new miners. Also, how do you propose we tell the difference between individuals?

Public individuals would volunteer so people are voting for who should be the custodians of the chain.   It would be like getting to vote for who is mining BTC rather than having it go to whoever could pay the most.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: alexkravets on December 09, 2013, 04:23:46 am
Why not simply adopt Ripple's consensus algorithm ?  It's open source and easily formalize-able into a page of pseudo-code (it will have lots of company-sponsored and independent academic backup soon)
 
If mining is now understood to be unnecessary for security and only serves to create viral adoption, why not decouple mining from the consensus agreement in exactly the same way as Ripple did ?

Until recently b/c it required and used no mining Ripple was considered not viral enough, however that changed once Ripple Labs instituted a http://computingforgood.org/ where impossible-to-scam currency distribution and viral adoption has been completely decoupled from day-to-day operation of the network. A few weeks into the program there's 7000+ mining participants growing at over 50% per week https://secure.worldcommunitygrid.org/ms/team/viewMyTeam.do

Notice, that all the immense advantages of Ripple's Consensus over block-chain-based systems will apply
https://ripple.com/wiki/Introduction_to_Ripple_for_Bitcoiners#Ripple_is_a_Payment_System
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 09, 2013, 04:26:17 am
Why not simply adopt Ripple's consensus algorithm ?  It's open source and easily formalize-able into a page of pseudo-code (it will have lots of company-sponsored and independent academic backup soon)
 
If mining is now understood to be unnecessary for security and only serves to create viral adoption, why not decouple mining from the consensus agreement in exactly the same way as Ripple did ?

Until recently b/c it required and used no mining Ripple was considered not viral enough, however that changed once Ripple Labs instituted a http://computingforgood.org/ where impossible-to-scam currency distribution and viral adoption has been completely decoupled from day-to-day operation of the network. A few weeks into the program there's 7000+ mining participants growing at over 50% per week https://secure.worldcommunitygrid.org/ms/team/viewMyTeam.do

Notice, that all the immense advantages of Ripple's Consensus over block-chain-based systems will apply
https://ripple.com/wiki/Introduction_to_Ripple_for_Bitcoiners#Ripple_is_a_Payment_System

I have looked into Ripples algorithm and that is the fallback... I still do not like the Unique Nodes List...
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Lighthouse on December 09, 2013, 04:29:07 am
I'm glad to see Ripple found a way to distribute XRP, that was for sure their biggest problem.  Do you know what % of ripple labs holdings will be distributed in this way?
Title: Transactions as Proof-of-Stake & The End of Mining
Post by: alexkravets on December 09, 2013, 06:23:19 am
I have looked into Ripples algorithm and that is the fallback... I still do not like the Unique Nodes List...

Yes, it took me a while to wrap my head around the concept too, despite being advertised as trust-free Bitcoin and all other blockchain-based systems which are pool mined ( which is an unavoidable outcome of competition ) actually all have One Giant Unique Node List today, namely ALL Bitcoin users trust top handful of pools not too collude and none of them to become too big.

What ripple does differently is to formalize exactly what such trust entails, namely only not to conspire and unlike Bitcoin, any node gets to maintain its own, not necessarily pulicised ensures that no Sybil attacks or conspiracies are feasible not only because they are exceedingly unlikely, but also because all consensus proposals must be signed by nodes private keys, any attempt at validating invalid transactions or omission of valid ones leads to immediate smoking-gun incontrovertible evidence against attackers at which point they can be dropped automatically from everybody's UNLs

Key difference is that unlike in Bitcoin, participating nodes have key pairs which must be used and which provide strong reputational naming fir the rest of the network, compare to any other coin, where participating nodes are essentially fully anonymous and therefore have many more ways to misbehave.

Meta remark: One of the attractions of the DAC concept is that it's a much higher level layer "application software"
Just like meatspace corporations can change their physical infrastructure, a DAC should be abstracted away from its consensus level "wiring" its operating activities should use higher level primitives and not be commingled with low level p2p consensus.

Should we call it VDAC for Virtualized DAC ?

I'm thinking of creating a "consensus isolation layer" akin to to hypervisor between a collection of DACs and underlying "hardware of consensus" from this point of view for example, Ripple is a cross currency, distributed market based payment DAC *commingled*  with a cryptographically secured p2p avalanching-consensus-based database toolkit.


Sent from my iPad using Tapatalk (http://tapatalk.com/m?id=1)
Title: Transactions as Proof-of-Stake & The End of Mining
Post by: alexkravets on December 09, 2013, 06:28:57 am
I'm glad to see Ripple found a way to distribute XRP, that was for sure their biggest problem.  Do you know what % of ripple labs holdings will be distributed in this way?

They keep tuning things as they go along, their initial experiments were failures because of scams and other social factors, this mode of distribution as reward for helping cure cancer etc seems to be at least as viral as bitcoin if not more so and immune from accusations of waste.

My guess is that they will greatly expand the giveaway once they get all the kinks out to billions of XRPs and a million people.

There is also talk of including grid computing clients in upcoming iOS and android versions of the client to rule out scams while expanding the giveaway to a billion non-geek smart phone users


Sent from my iPad using Tapatalk (http://tapatalk.com/m?id=1)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: boshen1011 on December 09, 2013, 07:58:13 am
@alexkravets,  thank for your suggestion.  Would you please continue to share us with your thoguths.  :)

RL does need trust from community.

1>Ripple founders and RL will keep 45%, 5% percentage goes to rewarding system.  Is it fair?

Suppose it is fair, and 45% of xrp is deserved for their great ideas and hard works.

2> Another 50% xrp goes to giveaways' distribution system. I have asked many people, some of them are RL employees...GIVEAWAY > 

give people for free.  Correct me if my bad English leads me to a bad understanding.

In other words, another 50% xrp belongs to other people EXCEPT RL, however RL did not keep its word.

The problem is that RL has been selling xrp to people who suppose to get xrp for free as planned.

RL is rewarded 45% of xrp, how could it look at others' xrp, cashed out xrp for other people, then put the cash into its own pocket?

That is BIG centralized problem, seems like the BD of RL is the chairman of FED in digital space, even much worse...

NOTE: I still think Ripple system has a best solution for financial market in the digital space until today. But the whole business theory and logics is totally wrong if RL want to play in the decentralzed digital space. The exit strategy for RL is to be acquired by a big bank one day.


Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: MrJeans on December 10, 2013, 01:10:41 pm
It looks like the top dogs are talking on this thread so excuse my comments if they seam newbie.

I dont like the idea of mining as it only really benefits the people who mine early on. This is fine at the start when everyone has the hardware to mine and mining can therefore be decentralized.

However, as difficulty increases, mining becomes more centralized (due to technology/know-how constraints on the masses).

I like proof-of-stake as this rewards the persons who are investing in the idea/network/currency. Persons should simply be rewarded for holding the coin  allowing for a steady inflation. If inflation is low enough over the 12 years then the value of each coin should increase over time as the value of the service increases faster than inflation.

This will allow for a decentralized way of distributing new BitShares.

Mining can be used for the processing of transactions and securing the network.

Alternatively why have inflation at all. Why not distribute all BitShares to protoshare holders in one go. People can then mine for transaction fees. (I see how this alternative could be problematic but its something to think about). 
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 10, 2013, 04:22:21 pm
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.

Wouldn't that generate an awful lot of network spam? At each block, each node would have to know what each other node has voted?


I have an idea based on a lottery system.

It requires the introduction of another type of coin-days that are reset after each block. I'll refer to as BCDs, for Block Coin-Days.

After a node receives a block, it takes the hash of the block and the hash of its Bitshares address, and applies a binary AND on them. The result is a speed of BCD gain per coin.
The node can then compute the number of BCD held by its address as a function of time: BCD = time_since_last_block * (block_hash AND address_hash) * number_of_coins.
It will broadcast a block when the amount of BCD reaches a target set by the protocol, depending on previous blocks. The block must reference the outputs used to generate the BCDs.


The idea is that the node with the highest BCD gain speed ((block_hash AND address_hash) * number_of_coins) will win. As time passes, it is more and more likely that someone will meet the target (like PoW), and the randomness prevents the biggest stake-holders from always publishing the block. They still have more chance of meeting the target though, since the expected value of the BCD gain speed is proportional to the amount of resources owned (also similar to PoW).
Unlike some other lottery systems addresses, this does not reward splitting your funds into multiple addresses.

Difficulty target can be initialized analytically to target a specific block generation time, as the distribution of Protoshares can be calculated at the genesis of Bitshares. However, I think target adjustment would have to be completely empirical afterwards (increase if blocks are generated too fast, decrease if too slow).
To help constrain block generation time, I think a polynomial weighting of time could be used (e.g.: use time_since_last_block^4 instead). If time_since_last_block < 1, it is harder to reach the target. If time_since_last_block > 1, it is easier. Stronger degrees increase this effect.

Latency is not an issue, given that if you receive two blocks, you can easily see which one met the target first. However, this implies using the sum of BCDs to determine the main chain (at least to some extent).
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: gloine on December 14, 2013, 11:32:32 pm
Hi,

I want to point out one aspect of Proof-of-Stake system. It is vulnerable to physical attacks on major shareholders.

You can easily control the system by hacking or spoofing the computers of major shareholders, or just bringing a gun to their home and threatening them to do transactions on the attacker's behalf. In case of PoW, the damage is limited to the attacked person only, but in case of PoS, the whole network is damaged.

So unless major shareholders are rich enough to defend all the physical attacks on themselves (which could be true for crypto-coins but not for DACs), it would be safer to rely on PoW systems to protect the network. In other words, those who 'work' for the network should be distributed and 'replaceable', unlike shareholders.

On a side note, PeerCoin has a vesting period of 30 days and a maximum coin age of 60 days (numbers could have been changed, but it does have them).

Regards,
Gloine
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 15, 2013, 01:07:11 am
At the Inside Bitcoin conference in Las Vegas the CEO of Butterfly Labs did a presentation on “The Future of Mining”.   In his presentation he pointed out that about 5 people collectively control 75% of the hashing power behind Bitcoin and 2 people control over 51%.   He then made the case that this centralization was good for Bitcoin because it means they could coordinate to rapidly resolve unexpected forks such as the one that occurred in March 2013.     According to Sonny Vleisides, without this centralization in mining Bitcoin would have died 9 months ago as decentralized clients would have been unable to reach a consensus on which fork to follow in a timely manner.

Whether or not you agree that Bitcoin would have died,  Sonny Vleisides has effectively admitted that Bitcoin has become centralized, that a small handful of powerful pool operators can unilaterally decide which block chain fork is the “official” fork, that they all know each other and that they effectively vote on which chain to support.   The session ran out of time before I had an opportunity to publicly ask the following question:  “If a small handful of self-appointed people have taken it upon themselves to decide which chain to officially support, then why should the Bitcoin ecosystem spend $1 billion dollars per year in electric costs to provide the same effective security as having 2 or 3 signatures on every block that costs next to nothing while providing infinitely more security?” 

Whether signatures or hashing power, the regular Bitcoin user has no more control over the official block chain policy than the regular Federal Reserve Note user has over official monetary policy.   Their only way to ‘vote’ is to switch to another currency which will have a smaller network with fewer exchanges, products, and services available to it. 

The fact that mining results in centralization should not have been a surprise to those who understand economies of scale.  Mining profitability is a function of efficiency and large centralized mining farms powered by the latest capital-intensive ASICs packaged and cooled in an industrial setting will eventually push all profitable mining into the hands of a single player.  Effectively, mining means that consensus is defined by an organization that can derive profits from alternative revenue streams such as taxation, tainted coins, or limiting transactions to privileged players.   It means that in the name of ‘progress’, these large miners will support other changes to the protocol that also benefit from economies of scale such as reducing block intervals, increasing block sizes, and offering instant transaction validation services.   
We have come to the conclusion that there is no traditional proof-of-work system that can provide security and decentralization at the same time.  A new approach is needed.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 15, 2013, 01:26:38 am
Decentralized Continuous Election of Trustees

Suppose we were to accept the notion that it may be beneficial to have a handful of “trusted” individuals around to certify the official block-chain.   We would want to ensure that these trustees are indeed trust-worthy and not simply self-appointed opportunists who had enough capital to corner the voting market.   Everyone should have a an opportunity to vote without having to purchase special hardware or spend billions every year in electricity just to cast their vote.  Lastly, only those who currently own the currency should have a vote proportional their investment in the currency instead of giving the vote to foreigners who have no current interest in the currency.

Fortunately such a voting system is easy to setup by utilizing a concept known as coin-days-destroyed by a transaction to vote for trustees.  Coin-days-destroyed is calculated as your account balance multiplied by the length of time you have held that balance.    When you create a transaction to make a purchase you also include the address of the Trustee you would like to vote for using the coin-days destroyed by the transaction.

Each trustee would accumulate coin-days-destroyed in their voting balance, and when they vote on a block they consume some of their accumulated coin-days.  The best block is the one which has been voted upon by the most trustees.    While Bitcoin block creation is centralized in one person at a time, this new system would require several unique individuals as elected by the shareholders to approve every block.  As a result not even a single block is centralized into a single user.

The trustee’s could use a consensus model based upon the Ripple algorithm to agree on which blocks to create.    This means that in theory blocks could be produced multiple times per minute.   

Trusting the Trustees in an otherwise Trust-less system. 

The major innovation of Bitcoin was that it claimed to create a trust-less currency; however, as we have seen recent developments have reintroduced trust focused on the mining pools.   Does electing Trustees to certify the network open the network up to abuse of power?  In our opinion there is no such risk as the Trustee cannot create transactions that violate the rules of the block-chain and they have their signature on every block they produce.  Any trustee that signed two different blocks that would result in a double spend could be held accountable and of course as long as there are more honest trustees than dishonest trustees this is not a problem.
Modify message
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 15, 2013, 01:31:02 am
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.

Wouldn't that generate an awful lot of network spam? At each block, each node would have to know what each other node has voted?


I have an idea based on a lottery system.

It requires the introduction of another type of coin-days that are reset after each block. I'll refer to as BCDs, for Block Coin-Days.

After a node receives a block, it takes the hash of the block and the hash of its Bitshares address, and applies a binary AND on them. The result is a speed of BCD gain per coin.
The node can then compute the number of BCD held by its address as a function of time: BCD = time_since_last_block * (block_hash AND address_hash) * number_of_coins.
It will broadcast a block when the amount of BCD reaches a target set by the protocol, depending on previous blocks. The block must reference the outputs used to generate the BCDs.


The idea is that the node with the highest BCD gain speed ((block_hash AND address_hash) * number_of_coins) will win. As time passes, it is more and more likely that someone will meet the target (like PoW), and the randomness prevents the biggest stake-holders from always publishing the block. They still have more chance of meeting the target though, since the expected value of the BCD gain speed is proportional to the amount of resources owned (also similar to PoW).
Unlike some other lottery systems addresses, this does not reward splitting your funds into multiple addresses.

Difficulty target can be initialized analytically to target a specific block generation time, as the distribution of Protoshares can be calculated at the genesis of Bitshares. However, I think target adjustment would have to be completely empirical afterwards (increase if blocks are generated too fast, decrease if too slow).
To help constrain block generation time, I think a polynomial weighting of time could be used (e.g.: use time_since_last_block^4 instead). If time_since_last_block < 1, it is harder to reach the target. If time_since_last_block > 1, it is easier. Stronger degrees increase this effect.

Latency is not an issue, given that if you receive two blocks, you can easily see which one met the target first. However, this implies using the sum of BCDs to determine the main chain (at least to some extent).

I really like this approach and am attempting to internalize it.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Lighthouse on December 15, 2013, 01:46:57 am
Agreed, that is a REALLY interesting proposal. 

Trustees are tempting but I think taking that shortcut will bite us.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 15, 2013, 01:54:24 am
Agreed, that is a REALLY interesting proposal. 

Trustees are tempting but I think taking that shortcut will bite us.

I think that it wouldn't actually bite us to much, since if there was any attempt to manipulate the block chain, people would stop voting for the Trustees responsible for the manipulation, and then they would quickly lose power, and things would continue just fine.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Lighthouse on December 15, 2013, 01:57:02 am
I mean Trustees as central points of failure.  Even with 100 trustees, that's only 100 private keys to capture to completely control the network.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 15, 2013, 02:00:55 am
I mean Trustees as central points of failure.  Even with 100 trustees, that's only 100 private keys to capture to completely control the network.

True, the more Trustees there are the better. I would hope that the people running for Trustee positions would keep their wallets encrypted.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 16, 2013, 10:33:18 am
I just thought of a variant of the BCD system I proposed: use BCD from the Protoshares chain to secure the Bitshares chain, and issue Bitshares through subsidies, based on ownership of PTS  (somewhat like Bitcoin, but using Protoshares as "hashing power"; subsidies don't have to be for finding blocks though, read below). I haven't really thought about all the implications yet, but I realized there was no reason to keep security and wealth so tightly coupled, so I'm putting this idea on the table. All comments are welcome.

Pros:
- Strong incentive to keep Protoshares in the long run: "mining" Bitshares
- There is a public (yet pseudonymous) ledger of "hashing power" (PTS), so this mining does not require centralization and few special transactions: no matter how little you "mine", just parse the Protoshares chain to see how many Bitshares you (or anyone) can claim from "mining", and claim them at the same address on the Bitshares chain using a special transaction from time to time (e.g.: once a day). EDIT: You can also bust freeloaders: do not award subsidies if the claiming address could have published better blocks than those in the chain but did not.
- Increase liquidity of Bitshares, since you don't need to hoard more to earn more.
- Bitshares distribution is not simply the result of the snapshot of Protoshares at one point in time, but at all points in time: the wealth distribution is not set in stone; see the case of Nxt: the whole money supply was issued at launch. 70 people hold all of it and are just sitting on it, preventing any one from entering the market at a similar price.

Cons:
- You have to remember to keep an eye on the distribution of PTS to make sure it is not overly centralized.
- This might lead to an increase in the price of PTS, reducing the last pro, but if it is still easier to buy PTS than ASICs, I'll still consider this a success. Unlike ASICs, PTS do not age. EDIT: Also, no pre-orders.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 16, 2013, 03:00:09 pm
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.

Wouldn't that generate an awful lot of network spam? At each block, each node would have to know what each other node has voted?


I have an idea based on a lottery system.

It requires the introduction of another type of coin-days that are reset after each block. I'll refer to as BCDs, for Block Coin-Days.

After a node receives a block, it takes the hash of the block and the hash of its Bitshares address, and applies a binary AND on them. The result is a speed of BCD gain per coin.
The node can then compute the number of BCD held by its address as a function of time: BCD = time_since_last_block * (block_hash AND address_hash) * number_of_coins.
It will broadcast a block when the amount of BCD reaches a target set by the protocol, depending on previous blocks. The block must reference the outputs used to generate the BCDs.


The idea is that the node with the highest BCD gain speed ((block_hash AND address_hash) * number_of_coins) will win. As time passes, it is more and more likely that someone will meet the target (like PoW), and the randomness prevents the biggest stake-holders from always publishing the block. They still have more chance of meeting the target though, since the expected value of the BCD gain speed is proportional to the amount of resources owned (also similar to PoW).
Unlike some other lottery systems addresses, this does not reward splitting your funds into multiple addresses.

Difficulty target can be initialized analytically to target a specific block generation time, as the distribution of Protoshares can be calculated at the genesis of Bitshares. However, I think target adjustment would have to be completely empirical afterwards (increase if blocks are generated too fast, decrease if too slow).
To help constrain block generation time, I think a polynomial weighting of time could be used (e.g.: use time_since_last_block^4 instead). If time_since_last_block < 1, it is harder to reach the target. If time_since_last_block > 1, it is easier. Stronger degrees increase this effect.

Latency is not an issue, given that if you receive two blocks, you can easily see which one met the target first. However, this implies using the sum of BCDs to determine the main chain (at least to some extent).

I really like this approach and am attempting to internalize it.

Glad you like it :)

However I just realized I was a little too hasty in assuming the probability to broadcast a block was proportional to the coins you owned.
This is because when you are a small owner, you do not just need to be lucky to publish a block, you also need all the bigger owners to be (much) less lucky than you.
In other terms, it's not BCD that should be proportional to the number of coins owned, it's the probability that your score will be the highest, which is not the same.

A quick fix would be to use "lottery tickets" instead of addresses. Each ticket has a value equal to hash(signature(hash(previous_block)+sequence_number)). If you have 3 coins, you have 3 tickets (sequence numbers 1, 2 and 3. All tickets are equivalent, so this time your odds to win are truly proportional to your number of coins, i.e.: number of tickets.
Then when time_since_last_block^n * AND(ticket, hash(previous_block)) ==  target, you can claim your gains by broadcasting the new block, with your signed message embedded.
If you try to claim ticket 4, it won't work because the other nodes know you don't have 4 coins.
The use of a signature is to deter people from trying to guess other people's tickets and engineering blocks that would be better for them (adding/shuffling transactions). It might not be necessary, depending on how long/how much it takes.

EDIT: another variant, even closer to PoW. Remove time_since_last_block from the target calculation. Instead, everybody draws additional tickets every second: ticket = hash(signature(hash(previous_block)+sequence_number+seconds_since_last_block)). Now it truely is like PoW, and there is some hashing involved, but your contribution is capped by your stake and not by your hardware. If you have 1000 coins, your are capped at 1kH/s. Of course, units are arbitrary.
The benefit is that it makes block generation time less variable.

EDIT2: It seemed to me all these lottery systems are potentially vulnerable to block engineering: if someone had enough hashing power, they might be able to produce favorable blocks with very few coins, by performing minor changes on the list of transactions.
I suppose the system could be made resistant to block engineering by only taking the hash of fields in the block that cannot be altered for lottery purposes, like the signature of the reward claimer and the block height. If you have a ticket good enough to claim the reward, your only degree of freedom is to claim it or not, so your possibilities for block engineering are very limited.
New blocks still have to reference the hash of the previous full block (i.e.: including transactions) though, for obvious security/consensus reasons.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 16, 2013, 05:45:21 pm
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 16, 2013, 06:38:34 pm
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 16, 2013, 06:57:43 pm
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS

Keyhotee helps build a darknet of solid UNL based upon all of your friends and family.  Tie in a couple of 'super nodes' from major businesses and exchanges and the network consensus would be very robust.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: luckybit on December 16, 2013, 07:10:15 pm
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS

Keyhotee helps build a darknet of solid UNL based upon all of your friends and family.  Tie in a couple of 'super nodes' from major businesses and exchanges and the network consensus would be very robust.

I think you may be onto something. Is there a way to make sure the nodes are geographically diverse? Probably not because we'd have no way of knowing that but that would be the only way I could think of to improve on it.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 16, 2013, 07:19:48 pm
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS

Keyhotee helps build a darknet of solid UNL based upon all of your friends and family.  Tie in a couple of 'super nodes' from major businesses and exchanges and the network consensus would be very robust.

So the more widespread Keyhotee is, the more secure the network is? Everything seems to hinge on widespread adoption of Keyhotee...
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: arkanaprotego on December 16, 2013, 08:01:51 pm
What I don't like in Ripple is that most people cannot become validators because you need a reputation for that. And it doesn't matter who you trust, what matters is who trusts you: if everybody noticed more than half the nodes of the default UNL were subverted by some entity, no one would be able to help it, because no one would trust each other. Worse yet, the honest validators would validate the dishonest ledgers in the name of consensus.

But on the other hand I am beginning to be convinced that securing economic infrastructures with money only (in the form of ASICs, electricity, shares... you name it) is not so great, because it is quite cheap for a powerful attacker as long as the community is growing.

So distributed trust might be the safest solution for the moment... But definitely not the one I like most.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: itnom on December 22, 2013, 03:25:19 pm
I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

bytemaster, this makes a lot of sense to me, however, the rapid block generation would break the promise of bitshares being human tradeable, wouldn't it? How many transactions could be included in such a block?

From a systems engineering point of view such a web of trust would need additional functions such as a solid reputation system with a 0 tolerance level for double spends.

Additionally, to make things more equal, I could really see some sort of randomized block generation mechanism whereas any node with a sufficient reputation level can create a block during some intervals out of its web of trust. The chain with the most blocks stacked on top of it would become the official ledger. Other nodes with enough reputation could then look into the broadcasted blocks and determine any double spends, not relaying those, and somehow killing the dishonest nodes' reputation.

However, such a system would make upgrading the entire system almost impossible unless at least 51% of all block generating nodes decide to switch *at once*.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on December 23, 2013, 06:45:19 pm
Failure to agree is agreeing to fail, or such is the nature of the marketing behind Ripple.

Given the Unique Node List (UNL) only works when it is cyclic, ie: the nodes trust each other directly or indirectly, this creates a potential for a group of nodes to collude and keep new nodes from joining the inner circle.   No outside party can come along and force their way in.  This provides security while potentially resulting in centralization if the UNL is short.

The defense against this is that it is very easy to launch a clone of the DAC with a more open UNL that follows the social consensus to include all valid transactions in a timely manner. 

Each node in the UNL gets one vote on which transactions to include and once 80% of the nodes are all voting the same way a block is added.  The question becomes who gets to vote?   The most basic version is a single node produces all blocks and everyone has a UNL list that trusts that node.  There is not enough redundancy there, so you spawn 2 nodes that add each other to their UNL (owned by different people).  If these nodes don't add anyone else to their UNL then only their consensus matters. 

Ultimately control will reside in an inner circle which may be 1000 companies sharing a UNL.  These companies are like the Trustees in my Proof of Stake system, except they could form a cartel.    Even with Trustees elected via CDD you can still end up with a cartel because those 'in power' get to control what votes go into the block chain. 

My ultimate conclusion from all of this is that the market is the only thing that is truly decentralized and that competition among DACs each with a different set of gatekeepers is what ultimately protects the little guy. 

Proof-of-Work is costly, less secure, and ultimately results in a self-appointed cartel of individuals willing to destroy the most wealth
Proof-of-Stake is better, but has longer verification times depending upon transaction volume, identifies the best chain, but fails to decide who gets to add blocks. 
Ripple Consensus results in a cartel of merchants and banks.

The only thing that underpins the value of all crypto-equities is the market consensus and network effect.  Bitcoin would rapidly lose value if the self-appointed cartel started to implement tainted coins or otherwise manipulate the blockchain.  The same is true for any DAC.

With BitShares the level of competitive pressure increases dramatically because every chain can have its own BitUSD regardless of the network effect and from a user's perspective it doesn't matter if the value of the BitShares backing it are $1 or $1000 so long as it is not 0.  This means that the dominate BitShares chain must behave or else the market will quickly appoint a new cartel to manage the chain and honor all positions from the previous chain. 

Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

1) Public Ledger that is easily migrated between competing Cartels
2) Each cartel should have many servers, owned by different people, in as many jurisdictions as possible
3) Many Parallel Alt-DACs powered by different Cartels

As a whole the ecosystem would be entirely decentralized and impossible to shutdown.  It would also be entirely transparent. 

With this understanding we have an entirely different approach to security with a focus on making competition as fierce as possible.  This means the following goals:

1) API Standardization
2) Merchant solutions should be designed to accept a new DAC's BitUSD with a click of a button so merchants can simply support "EVERYONE" and thus anyone can rapidly gain the network effect.
3) DACs should be as easy to build and deploy as possible
4) Cross-DAC trading needs to be made easy.

With these things in place, competition will force fairness and openness. 






Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: phoenix on December 23, 2013, 07:58:33 pm
Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

1) Public Ledger that is easily migrated between competing Cartels
2) Each cartel should have many servers, owned by different people, in as many jurisdictions as possible
3) Many Parallel Alt-DACs powered by different Cartels

As a whole the ecosystem would be entirely decentralized and impossible to shutdown.  It would also be entirely transparent. 

With this understanding we have an entirely different approach to security with a focus on making competition as fierce as possible.  This means the following goals:

1) API Standardization
2) Merchant solutions should be designed to accept a new DAC's BitUSD with a click of a button so merchants can simply support "EVERYONE" and thus anyone can rapidly gain the network effect.
3) DACs should be as easy to build and deploy as possible
4) Cross-DAC trading needs to be made easy.

With these things in place, competition will force fairness and openness. 

So by making it easy to compete, you ensure that the Cartels running each DAC either support their community or their version of a DAC will fade into the background. If every one of these DACs honors PTS at a minimum of 10% of the total then PTS holders could end up very wealthy from all the shares they'll get in all these different DACs! :)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Brekyrself on December 25, 2013, 06:15:14 pm
Why not a hybrid POW and POS solution?  Use momentum 2.0 for distribution of coins eventually tapering off to a small amount per year just to account for lost or destroyed coins etc...

Merry Christmas
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: luckybit on December 25, 2013, 07:44:41 pm
The only thing that underpins the value of all crypto-equities is the market consensus and network effect.  Bitcoin would rapidly lose value if the self-appointed cartel started to implement tainted coins or otherwise manipulate the blockchain.  The same is true for any DAC.

Today Bitcoin would lose value. In 5 or 10 years the demographic of users will be entirely different and Bitcoin might gain value.

With BitShares the level of competitive pressure increases dramatically because every chain can have its own BitUSD regardless of the network effect and from a user's perspective it doesn't matter if the value of the BitShares backing it are $1 or $1000 so long as it is not 0.  This means that the dominate BitShares chain must behave or else the market will quickly appoint a new cartel to manage the chain and honor all positions from the previous chain. 

Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

How can we avoid the network effect with the cartels? We need to do everything we can to strategically decrease the power that cartels have. Cartels should have a specific function and it's power should not leak or transfer to anything beyond that specific function. To be simple how do we contain the power of cartels beyond competition which doesn't seem to work very well in the real world for containing the power of banks.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Troglodactyl on December 28, 2013, 04:41:05 pm
For determining who could broadcast a block, why not aggregate the transaction source addresses and hash that aggregation, then require that the broadcaster's public key hash be within n units of it in order to broadcast, where n is the number of coin days he is destroying, and the magnitude of the unit increases with time since last block?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: hasher on January 01, 2014, 04:11:51 pm
i just want to add 1 cent here,
besides Ripple consensus mechanism, its loyalty and compatibility with mainstream financial system give it advantage in short term to adapt Ripple technology to banking system network. (Seems like its not our case..)
Its not unusual, because one of the cofounders of Ripple is MtGox alumni..

Regarding Nxt, here is old kinda "whitepaper" of how nxt mining innovate the mining process, idk if you already read this, they called it transparent mining:
____________________
In Nxt this problem doesn't arise coz all participants (miners) r known. This is a side-effect of 100% proof-of-stake currency. So, let's move to the most interesting part...

As u may know, Bitcoin et al. can be attacked by an entity that possesses 51% of hashing power. 2 main scenarios r possible:
1. Part of the miners leave the "legit" branch of the blockchain and start mining their own branch.
2. Someone buys/produces mining equipment and starts mining secret branch.

The 2nd scenario can't be applied to Nxt, coz no NXTs exist outside the network. Let's look closer at the 1st scenario.

Yesterday the average base target was ~700%. This means that only 1/7 of all stakeholders were generating blocks, we can't say if the rest 6/7 were hit by bus or trying to fork Nxt blockchain. This is in the current Nxt implementation. BCNext is satisfied with the results shown during last 2 weeks and now is going to adjust the mining algo a little bit to make it transparent.

What does this transparency mean? It means that anyone can predict (with very high probability) who and when will generate next block(s). And this gives us superior advantages:
1. Transactions can be sent directly to the miner who will mine the next block (if he decides to reveal his location on the Internet), thus saving traffic and coming much closer to VISA/MasterCard processing volumes.
2. Blocks can be generated in advance and sent to most of the miners before they become valid (timestamp validation), thus greatly reducing rate of orphaned blocks.
3. Due to ability to predict timestamps of future blocks (rate of blocks) it becomes possible to set appropriate fees to assure quick confirmations for important transactions (without paying too much for inclusion into a block).

And the most important feature:
The network can detect which miners don't take part in block generation and act accordingly.

The last point deserves to be described with more details.

Imagine someone is going to do a "51%" attack against Nxt and he owns 90% of all coins. The adversary must stop generating blocks for legit branch coz he won't be able to compete against 100% mining power with his 90%. So he decides to "skip" his turn to generate a block. The rest 10% of the network detects this and penalizes the adversary by setting his mining power to 0 and distributing it among other miners. Now the network is back to 100% power coz everyone got 10-fold increase. The adversary can mine other branch in a secret place but it won't be able to replace the legit branch. Of course, the 2nd branch will have 100% "hashing" power tied to it as well, coz the attacker will get his 90% bumped to 100% but this can be counteracted by some mechanisms of advanced consensus (still not revealed).

As a 100% PoS currency Nxt is protected against a government wealthy entity that could buy/produce a lot of ASICs, with the transparent mining it's protected even against someone buying most of the coins.

So, what does make Nxt a really next-gen currency? Not those nice features like decentralized exchange, or decentralized DNS, or decentralized app store. The transparent mining algo does, and this is only the 1st part of BCNext's plan...
________________________
https://bitcointalk.org/index.php?topic=364218.0;all
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on January 01, 2014, 05:54:38 pm
Nxt's transparent mining is good but not the best because it still involves mining and is still CENTRALIZED one-block at a time.  It is also still block based.

With what we are planning you get Ripple style confirmation speed and no ONE node can specify the block contents.   This means that no one node can use their opportunity to generate a block to manipulate the on-chain market.

The space is heating up.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: hasher on January 01, 2014, 07:35:07 pm
Nxt's transparent mining is good but not the best because it still involves mining and is still CENTRALIZED one-block at a time.  It is also still block based.

With what we are planning you get Ripple style confirmation speed and no ONE node can specify the block contents.   This means that no one node can use their opportunity to generate a block to manipulate the on-chain market.

The space is heating up.

bytemaster, what about emunies, are they serious rival to Bts?
____________________
Transactional Model

Originally the eMunie transaction model shared a lot in common with the Bitcoin design, single chain, in and out transactions cross signed using ECDSA scripts and other similarities. From day one, this did not "feel" correct, it is limiting, it is susceptible to 51% attacks via forking and while its design is acceptable to a minor currency implementation, moving forward, it does not scale well enough to be considered a "fiat" challenger.

We decided to redesign 70% of our transaction model and refactor our code.

So how does it work now?

Confirming transactions continues to operate in much the same manner, a forward and back search of the block chain is performed, verifying that the current transaction dependencies are legitimate and continuing in a recursive fashion until an eMu generation block is encountered, or the genesis. Coupled with our efficient POW algorithm (although slightly revised which I'll get into later on) this original method is still the basis of our transaction confirmation functionality and processing.

The main changes are in the "block chain" itself, and the way that transactions are recorded and stored.

eMunie now uses multiple chains, think of the ledger as more of a block tree, than a block chain. There may be many 1000's of small, interconnected chains, all holding valid transactions, and all able to validate transactions across other chain sections. "Forks", or new chains in eMunie are good, they strengthen the system and make a 51% attack impractical if not nigh on impossible, as there are so many chains, taking them all over is rather difficult. Transactions are verified in multiple blocks, with many "hatchers" (or miners as is the lingo here) in the system verifying the same transaction over and over and including a reference to that transaction in many blocks, within many chains.

Double spends are also EXTREMELY difficult with eMunie, as the system now favors a rolling balance over a "transaction in/out" method such as Bitcoin. As soon as you create a transaction, that transaction is distributed to the network as an intention, and it is logged. All nodes now know about this intended transaction and will include it in any subsequent balance calculation should they need it.

Upon the transaction clearing, that transaction is included in 1 or many blocks, and your rolling balance will calculate to the same as when performed using the transaction intention.

Transaction intentions take huge priority over other system messages, so to perform that double spend would require you to be very targeted in where it is sent to, know all about the current network position (its very dynamic) and sent immediately after the original transaction. Should you successfully achieve a double spend, soon after your rolling balance when calculated by nodes in the system will enter a negative balance, that peer and wallet address will then be immediately blacklisted forever.

Supply, Demand & eMu Generation

Currencies, or money supply, work with reliance to supply and demand, the more demand the more supply, the problem is of course, that in the fiat world, this is manipulated by the central banks to their own agenda, and dilutes the fiat supply... or inflation.

A stable currency needs a stable value, and a stable value can only be achieved with a solid supply and demand model that doesn't dilute the already in circulation money supply. If it does, new money steals the value from your current money supply and thus is devalued, as it has not "earned" its own value yet.

With eMunie we have looked at these issues in great detail, and believe we have a solution, that will ensure a fair, stable, honest currency value that does not dilute the holding of any single person in the system anywhere.

Save for the details of the mathematics (which will be in the white paper), demand is simply a call for new eMu, whether that be new accounts with new people coming on board, or regular users of eMunie wanting to have more of a holding.

Demand in the system is always closely chased, via an trailing elastic supply model, so there is just enough eMu in circulation to almost meet to the current demand trends....unless demand comes to a halt or is exceeded by supply. When this happens, no more eMu is created until the current excess supply available is used by demand. This recognition of excess supply happens quickly, so the excess will always be a very small percentage of the entire money supply, thus the effect of this supply will be nominal at best.

Where does the supply come from you ask? It comes from the hatchers. Hatchers perform work while clearing transactions, the amount of work any single hatcher in the system does, is easily calculated from the block tree, and thus, a % portion of the work done by that hatcher in a specific time period can be determined. A hatcher will then receive that % portion, of the systems calculated supply of new eMu required from the current demand.

eMu can not be spent from a hatcher account, it can only be transferred to either an exchange account, or a regular eMu wallet via a mediator. This mediator records the movement of supply eMu into the system and is included in future supply calculations. Hatcher owners are then free to do with the eMu as they so wish, hopefully, trading some or all of it out into the system.

These generated eMu's will have "value" as the hatchers have performed real world work to acquire them, however, a caveat of this, is that as the system load increases, and more work is done by more hatchers, these eMu's increase in deemed value, thus devaluing the already present eMu's in the system....and thus acts like traditional INFLATION.

Interest

To combat this inflation due to the effect of the increasing work in the system, a portion of the supply eMu's are passed to the accounts already holding eMu as "interest". Interest is calculated as the current annual % increase in eMu supply, as per demand, plus a % increase to ensure equilibrium. This ensures that while the new supply of eMu entering into the system may have higher "value" due to more work done to achieve them, all other eMu's in the system, while worth less, are topped up with new, more valuable eMu to guarantee that stake holder of current eMu does not loose out.

Interest is ALWAYS higher than new supply %, even if just marginally, except in the event, that demand ceases to exist, or is 0. Interest is then also 0 to ensure the equilibrium and solidify the value of all eMu in the system.
______________________
http://forum.emunie.com/index.php?/topic/139-emunie-latest-technical-and-feature-set-ramblings-29th-june-2013/
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on January 01, 2014, 07:41:12 pm
Not a competitor in my view.

Their interest system is similar to the original BitShares dividend system and merely masks a stock-split with 0 real economic impact aside from perception. 
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: vikram on January 06, 2014, 02:07:50 pm
Transactions as Proof-of-Work & The Start of Mining: http://pastebin.com/index/w4UMGmGp  ;)

Interesting read in light of all the improvements being made for BitShares.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: fuzzy on January 10, 2014, 10:19:47 pm
Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

1) Public Ledger that is easily migrated between competing Cartels
2) Each cartel should have many servers, owned by different people, in as many jurisdictions as possible
3) Many Parallel Alt-DACs powered by different Cartels

As a whole the ecosystem would be entirely decentralized and impossible to shutdown.  It would also be entirely transparent. 

With this understanding we have an entirely different approach to security with a focus on making competition as fierce as possible.  This means the following goals:

1) API Standardization
2) Merchant solutions should be designed to accept a new DAC's BitUSD with a click of a button so merchants can simply support "EVERYONE" and thus anyone can rapidly gain the network effect.
3) DACs should be as easy to build and deploy as possible
4) Cross-DAC trading needs to be made easy.

With these things in place, competition will force fairness and openness. 

So by making it easy to compete, you ensure that the Cartels running each DAC either support their community or their version of a DAC will fade into the background. If every one of these DACs honors PTS at a minimum of 10% of the total then PTS holders could end up very wealthy from all the shares they'll get in all these different DACs! :)

Heck yeh...but at that point, the greatest thing about it will be how diversified your DACFolio will be :D

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: vikram on January 18, 2014, 09:47:31 pm
Comments from Vitalik Buterin on Transactions as PoS: http://www.reddit.com/r/ethereum/comments/1vh94e/dagger_updates/cesv1d8?context=3

Quote
Transactions-as-POS is good against secret attack chains, but falls apart against public attacks for the exact same reason as PPCoin-style POS - recipients of transactions want to see a version of the transaction for each version of the blockchain so that they can be sure they won't be double-spent during a reorg, and so people making transactions have an incentive to make a version of the transaction for each version of the blockchain (ie. double mining) to satisfy the recipients. Transactions-as-POS plus Slasher-style punishment solves the problem, but then introduces too many opportunities to send people money and then destroy that money and get a portion back immediately after the fact.

Thoughts?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on January 18, 2014, 10:20:22 pm
There is never an opportunity for a 'chain fork' because of the ripple style consensus algorithm used to extend the chain.  Those who create transactions are merely signing the global consensus ledger and making it impossible for the core consensus nodes to create an alternative chain.

Ripple operates just fine without TaPOS so the only thing TaPOS is doing is making the ledger signing more distributed and harder to forge than in ripple alone. 

So the proper comparison is Consensus + TaPOS.

Failure to agree is agreeing to fail as Ripple states it.

I would like to make a point about decentralization:  Separation of Powers is decentralized even if there is only one party trusted with a given task at any given moment.   

Suppose for a second you had the following situation: a single server that signs every block and distributes it to everyone.  Yikes "that is centralized!" most people would complain, but lets examine the 'power' this server has?

1) It is well known and thus cannot get away with a double spend.
2) It cannot change the history of the block chain, everyone else has cemented the server's prior signatures in stone via TaPOS
3) It cannot produce alternate chains for different users because all users are comparing notes as to the current head block.
4) It cannot change the validation rules arbitrarily because every block produced must be validated by all nodes or all transactions stop until someone else can be appointed the block creation role.

So it seems that the only power this ONE node has is to select which transactions to include.   This is no different than one or 2 nodes in the bitcoin network or any network based upon proof of work.   

The last step toward decentralization is robust automatic failover in the event this one node is shutdown or attempts (but fails) to comment fraud.   Systems like Ethereum automatically shift who has this role every single block based upon a mining lottery.  Even their POS system is based upon a mining lottery where the ease of mining is adjusted by your balance.  Here you still centralize the process of selecting transactions ONE BLOCK at a time, you just have very short term limits.  Dictator for a block if you will.

Consensus is simply an algorithm to decentralize the process of selecting which transactions go into every block and to provide robust automatic failover in the event a single node goes down.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: nametooshort on January 20, 2014, 08:06:26 am
Did Bitshares lack of checkpointing?
Bitshares should grant nodes which meets a condition to sign checkpoints, like Solidcoin, but not necessary for network.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Schwede65 on January 22, 2014, 10:10:00 am
Suggestions for the transaction-chain of bitshares

1. one ordering-node (with extra two parallel running backup-server - one of them goes online when the master is down) to define only the sequence of the transactions
this ordering-node gets this - at first at one node-confirmed transactions - to post the transaction-sequence to the 20 nodes

if in the first step a transaction has to be set corrupt (wrong addresses or other mistakes) it has to be sent back to the client by the node without sending it to the ordering node

2. 20 nodes get this sequence and confirm the transaction(s) with their full transaction-chain - a transaction is confirmed and done by minimum of 10 or 15 different nodes-approvals

3. the full transaction-chain must be on all 20 nodes for the confirmations

4. the thin client can choose which data he wants to have
a) minimum (default): the confirmed transactions of this client (very thin for mobiles and smartphones)
b) medium: decentralized distribution of the transaction-chain - done by the nodes - they divide the whole transaction-chain into 25, 50, 100 or more pieces and send them to the clients - one piece of the whole chain has to be sent to minimum 50 clients
c) full: the whole transaction-chain downloadable by the nodes - with the full download of the chain he is part of the complete transaction-chain-distribution on the network - may be the thin client is now a full client and could be a part of the transaction-confirmation-job of the 20 nodes - so we might have for a correct transaction-confirmation 10 % of the (now) full clients

the numbers of the 20 nodes are scalable - may be starting with 10 nodes

so the bitshares-system has to run 23 (13) server - with the donations now it is no financial problem

or is this system too centralized?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on January 22, 2014, 07:21:59 pm

The Cons of Proof-of-Stake?
1) How to distribute coins?  Many options here.


What if coins are distributed from a faucet in such a way that it is as evenly distributed around the world as possible?

e.g. - use the requestor's IP address and employ daily limits per subnet, etc.

I understand the issue is that the faucet itself is centralized, but if kept honest it would provide decentralized distribution of coins.

If there is a way to incorporate that logic in the P2P nodes themselves, even better.

I'd love to see a coin in which adoption is not motivated purely by greed and pre-mine.

Premining is only a problem when a currency is based upon a speculative bubble and pump and dump.  If a *share* is allocated to the developers of technology that provides a *service* and thus produces non-speculative value then the creators are the initial owners and may sell or distribute in any way that they believe will maximize their profits. 

 Isn't it greed and envy that motivate the masses that want something for nothing?   No one ever accused AAPL of premining their stock.   

We should stop expecting people to be selfless and instead focus on producing the most value for our fellow man and thus earning the highest profits.   If you don't like their distribution market competition can kick in to keep everyone honest.



Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: earthbound on January 24, 2014, 01:48:45 am
What's a good topic, web site or reference for me to research to get the background that would render me able to comprehend this paper on any level? For example, if I come to understand Peercoin's proof-of-stake implementation (how it works, what its purpose is, etc.), would that give me a background? (And maybe I could review the mechanics of Bitcoin before I even tried taking on Peercoin?)

Because wow-ee, I am utterly lost.

???
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Ben Mason on January 24, 2014, 12:03:15 pm
please correct me if i'm wrong, but does it really matter who profits or by how much from the initial building of decentralized infrastructure.  All that really matters is that it is built and given the opportunity to thrive and out-compete structures based on hierarchies.  The real benefits are in the long term where the allocation of capital and resource will become more democratic and wealth will become more evenly distributed.  The knock on benefits have the power to tranform humanity and move us closer to becoming civilized.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: cob on January 26, 2014, 04:04:34 am
Can anyone explain exactly how III is combining ripple's consensus mechanism with Proof of stake?
I've watched the ripple video. I'm not sure where proof of stake would fit in all this.
Anyone have mad explaining skills? Or maybe a nice explainer article and video?

thanks
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on January 31, 2014, 08:52:38 pm
I have been working on the consensus algorithm and while it is fast it has the following problems:
1) There is no way to compensate people for running full nodes. 
2) The cost of running full nodes grows with N^2 the number of nodes participating in the consensus process
3) There is no way to reward nodes that participate in consensus to cover the cost of bandwidth growing
4) If you rely on charity, the regulatory risks may result in nodes not proliferating
5) If you do reward nodes participating in the consensus process your costs either grow N^2 or nodes on the UNL have financial incentive NOT to add new nodes to the inner circle.
6) If you rely on indirect benefits then the incentives might not be properly aligned.

My conclusion is that the primary benefit for using the consensus algorithm is automatic failover in the event some nodes go down.  I also believed it was more decentralized that BTC but perhaps less so than NXT.

To this end it seems I must strive to achieve the goal of decentralization and thus have a new proposal for implementing TPOS. 

1) The "mining" reward will be kept to 1% of transaction fees.  We do not want significant resources thrown at this because the only purpose of mining now is to decide on the next block, NOT to secure the network.  The cost of mining should thus be very small and amount to an election.

2) Let N be the number of blocks per year
    Let M be the money supply at the start of the year
    Let m be the money transacted and n be the number of days since it was last moved.
    Let CDD be m*n
    Let ACDD be the Average CDD per block which can be calculated as N*M/N or M
    Let T be the base mining difficulty target (adjusted via moving average)
    Let BCDD be the CDD actually destroyed by the block.

    IF( BCDD > ACDD ) BCDD = ACDD.

    Given the above we can define the target difficulty for solving a block as:
   
    1 + T*(1- BCDD/ACDD)^2

3) The only transactions that count toward CDD are those that reference a prior block in the chain, thus miners will be unable to build secret chains using CDD of transactions produced by regular users.
4) If two blocks are found that extend the same chain, the one with the most CDD wins.
5) If two blocks with the same CDD are found then the one with the higher hash wins.

Results:  everyone can mine and attempt to produce a block at some 'base level' that is not perceptible to the user.  Someone with a large amount of the share supply would have limited advantage because everyone gets to mine POS using everyone else's transactions and everyone is mining at a base level, say 1% of CPU. 

The only thing a 'miner' can do to harm the network is Denial of Service (blocking transactions), but a miner attempting to do this would be at a disadvantage against all of the miners which are including transactions. 

So what can someone with unlimited hashing power do...  they can still perform a DOS on the network provided they have  100,000 * the number of computers on the network in hash power.  Unfortunately for them, the cost would far exceed the fees earned. 

Something to think about.

How is that for decentralized?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: valtr on February 01, 2014, 09:49:56 am
At this moment I am mining Protoshares 24 hours daily + I am runing the Protoshares wallet with >100 nodes connected. I hope running the wallet is helpfull for the community.
As far as I understand running Bitshares client will be the same + some litle income to help cover the cost of running computer.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: vikram on February 01, 2014, 10:05:32 pm
I have been working on the consensus algorithm and while it is fast it has the following problems:
1) There is no way to compensate people for running full nodes. 
2) The cost of running full nodes grows with N^2 the number of nodes participating in the consensus process
3) There is no way to reward nodes that participate in consensus to cover the cost of bandwidth growing
4) If you rely on charity, the regulatory risks may result in nodes not proliferating
5) If you do reward nodes participating in the consensus process your costs either grow N^2 or nodes on the UNL have financial incentive NOT to add new nodes to the inner circle.
6) If you rely on indirect benefits then the incentives might not be properly aligned.

My conclusion is that the primary benefit for using the consensus algorithm is automatic failover in the event some nodes go down.  I also believed it was more decentralized that BTC but perhaps less so than NXT.

To this end it seems I must strive to achieve the goal of decentralization and thus have a new proposal for implementing TPOS. 

1) The "mining" reward will be kept to 1% of transaction fees.  We do not want significant resources thrown at this because the only purpose of mining now is to decide on the next block, NOT to secure the network.  The cost of mining should thus be very small and amount to an election.

2) Let N be the number of blocks per year
    Let M be the money supply at the start of the year
    Let m be the money transacted and n be the number of days since it was last moved.
    Let CDD be m*n
    Let ACDD be the Average CDD per block which can be calculated as N*M/N or M
    Let T be the base mining difficulty target (adjusted via moving average)
    Let BCDD be the CDD actually destroyed by the block.

    IF( BCDD > ACDD ) BCDD = ACDD.

    Given the above we can define the target difficulty for solving a block as:
   
    1 + T*(1- BCDD/ACDD)^2

3) The only transactions that count toward CDD are those that reference a prior block in the chain, thus miners will be unable to build secret chains using CDD of transactions produced by regular users.
4) If two blocks are found that extend the same chain, the one with the most CDD wins.
5) If two blocks with the same CDD are found then the one with the higher hash wins.

Results:  everyone can mine and attempt to produce a block at some 'base level' that is not perceptible to the user.  Someone with a large amount of the share supply would have limited advantage because everyone gets to mine POS using everyone else's transactions and everyone is mining at a base level, say 1% of CPU. 

The only thing a 'miner' can do to harm the network is Denial of Service (blocking transactions), but a miner attempting to do this would be at a disadvantage against all of the miners which are including transactions. 

So what can someone with unlimited hashing power do...  they can still perform a DOS on the network provided they have  100,000 * the number of computers on the network in hash power.  Unfortunately for them, the cost would far exceed the fees earned. 

Something to think about.

How is that for decentralized?

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 01, 2014, 11:06:59 pm
This is very similar to the original TaPOS paper, the primary difference is difficulty adjustment and mining reward. 

Transactions must reference one of the 2 most recent blocks for their CDD to count toward reducing the mining difficulty.

Transactions from a forked chain can be migrated like any new transaction, their CDD does not count when migrated.

Target block time is 5 minutes.

In my implementation I have removed the square after further review.

Momentum is the hashing algorithm.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: toast on February 02, 2014, 12:47:39 am
Quote
5) So making a transaction with large CDD can be used to immeditately confirm block before target block time?

You missed this one

Quote
The only thing a 'miner' can do to harm the network is Denial of Service (blocking transactions), but a miner attempting to do this would be at a disadvantage against all of the miners which are including transactions. 

I think that if miners still have the ability to choose transaction order then pools will form that pay out higher rewards from selling transaction order advantage to traders
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: vikram on February 02, 2014, 12:59:10 am
This is very similar to the original TaPOS paper, the primary difference is difficulty adjustment and mining reward. 

Transactions must reference one of the 2 most recent blocks for their CDD to count toward reducing the mining difficulty.

Transactions from a forked chain can be migrated like any new transaction, their CDD does not count when migrated.

Target block time is 5 minutes.

In my implementation I have removed the square after further review.

Momentum is the hashing algorithm.

What prevents someone from picking a block far in the past, adding their own transaction with large CDD to its transaction set, then mining and broadcasting a new block with the resulting higher BCDD, causing a huge reorg of all children blocks?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 02, 2014, 01:34:30 am
This is very similar to the original TaPOS paper, the primary difference is difficulty adjustment and mining reward. 

Transactions must reference one of the 2 most recent blocks for their CDD to count toward reducing the mining difficulty.

Transactions from a forked chain can be migrated like any new transaction, their CDD does not count when migrated.

Target block time is 5 minutes.

In my implementation I have removed the square after further review.

Momentum is the hashing algorithm.

What prevents someone from picking a block far in the past, adding their own transaction with large CDD to its transaction set, then mining and broadcasting a new block with the resulting higher BCDD, causing a huge reorg of all children blocks?

Because there would be no CDD built on top of that modified block.   

There is also the fact that chain will never perform a reorganization beyond a couple of blocks.  I believe bitcoin almost never has a reorg beyond one or two blocks.  Nodes assume the network has remained connected and thus any major reorganization is an indication of an attack.   Unlike bitcoin I allow the head block to be replaced when two blocks are found at once so the network doesn't split based upon latency in this case.  All nodes build off of the best current block.

Bottom line:  unless there is a problem with network infrastructure it is unlikely any new 'fork' is legitimate and it should be rejected by default.  In other words, it will not be propagated or relayed through the network except by manual intervention.  If there is a problem with network infrastructure then all trading must stop immediately on the minority chain because market transactions cannot be migrated between chains. 

In this case it works like ripple consensus, all nodes assume the public information they already have is legitimate and reject anything that would suggest otherwise.   

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: yidaidaxia on February 02, 2014, 05:52:20 pm
Target block time is 5 minutes.

If I understand it correctly, that means every transaction need at least 5 min to complete. I think it's too long for a efficient system where people could do their bitassets trading business on it..  Any idea to reduce the transaction time.? I know it's difficutly since ripple way does not work as your assessment.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 02, 2014, 06:10:03 pm
Target block time is 5 minutes.

If I understand it correctly, that means every transaction need at least 5 min to complete. I think it's too long for a efficient system where people could do their bitassets trading business on it..  Any idea to reduce the transaction time.? I know it's difficutly since ripple way does not work as your assessment.

In a decentralized system you are limited by the speed of light if you want stability.   Strictly speaking blockchains do not need to be decentralized to serve their purpose.   Someone could implement the exact same transaction model on a central server and as long as the blockchain was public record you could trust them and if they were shutdown someone could just migrate the chain to a new server.  Such a chain could offer instant confirmations and still be trust-free, but centralized.

Thus I content that decentralization has costs but is not necessary for the trust-free revolution.   For now people expect things to be fully decentralized because of regulatory issues. 

Ripple consensus is ultimately a fig leaf of decentralization that is only slightly better than having a dedicated central server with automatic fail over.   The purpose of consensus is to agree on the next closed ledger so I can see it working something like this:

Everyone agrees to let Sam decide on the next closed ledger and he can have that role until he abuses it even once or he dies.  Then we have a chain of command where if Sam is no longer able to perform the job (arrested, etc) then Alice takes over.   Alice could even be set up behind a TOR hidden service.    Neither Sam nor Alice could generate alternative chains without getting caught their alternative chains would be rejected.  Furthermore, Alice could simply sign everything Sam produces and therefore they would have to collude to produce an alternative chain.

I think you can see from this that decentralization of block production is more a necessity of marketing than of security of the network.  Though some could argue that it is a necessity of security for those that would end up signing every block as they would become giant targets for government shutdown.  In the future, once governments lose this war against crypto, then many centralized services will compete to offer instant transactions based upon the premise of open/audit-able blockchains.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 02, 2014, 08:44:00 pm
After looking at the math it is clear to me that if a block is even a few CDD shy of the target for the minimum threshold no one will mine because the difficulty would be so much higher that it will not be profitable. 

Therefore in order to 'mine' every block must destroy the minimum number of coindays.  This means that for the blockchain to progress shareholders everywhere must be ready to use their accumulated coindays to mine.   So the question becomes how to divide the transaction fees between the miners and the dividends.   This is another case where I hate to employ price fixing so whether I set it at 100% like NXT, 50% like the original BTS white paper, or 1% like I have suggested recently the result is price fixing.

Fortunately I have a solution that is fair for all and avoids price fixing.  When a miner uses their own coindays to secure the network, they get a percentage of the fees in that block proportional to percentage of the CDD they provided vs those provided by 3rd party transactions.   This means that dividends are earned when security is provided entirely by real network transactions and that mining fees are earned when security is provided by the miner using their own CDD to secure the network. 

This should motivate miners to consume as many CDD as they can as quickly as they can to earn the maximum fees and move the network along.   

The next question people may have is how will transaction fees be priced?   Minimum fee will be set such that if the blockchain was running a full capacity (512K per block) that 1% of the share supply per year would be earned as dividends.  Then I will adjust the fee like I adjust difficulty to maintain an average block size of 512K and a maximum block size of 1 MB.   So if demand picks up then so do fees and when demand falls below 512K below fees will fall back to the minimum.   
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: wan3646886 on February 03, 2014, 02:40:09 am
 :'( :'( :'(什么个意思吗。。
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: wan3646886 on February 03, 2014, 02:42:17 am
简直就是坑爹啊
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: yidaidaxia on February 03, 2014, 03:29:58 am
Thanks for your feedback and detailed explaination. Now I see the point and agree w/ you that, currently, decentralization is more important than fast trasaction. But 5 min is still too long to current people's mind set/expectation, let's see if we could educate people to accept that and the system/market could operate effectively. The only way to do this is to conduct the bitshares XT, so looking forward to 2/28 now.  :)


Target block time is 5 minutes.

If I understand it correctly, that means every transaction need at least 5 min to complete. I think it's too long for a efficient system where people could do their bitassets trading business on it..  Any idea to reduce the transaction time.? I know it's difficutly since ripple way does not work as your assessment.

In a decentralized system you are limited by the speed of light if you want stability.   Strictly speaking blockchains do not need to be decentralized to serve their purpose.   Someone could implement the exact same transaction model on a central server and as long as the blockchain was public record you could trust them and if they were shutdown someone could just migrate the chain to a new server.  Such a chain could offer instant confirmations and still be trust-free, but centralized.

Thus I content that decentralization has costs but is not necessary for the trust-free revolution.   For now people expect things to be fully decentralized because of regulatory issues. 

Ripple consensus is ultimately a fig leaf of decentralization that is only slightly better than having a dedicated central server with automatic fail over.   The purpose of consensus is to agree on the next closed ledger so I can see it working something like this:

Everyone agrees to let Sam decide on the next closed ledger and he can have that role until he abuses it even once or he dies.  Then we have a chain of command where if Sam is no longer able to perform the job (arrested, etc) then Alice takes over.   Alice could even be set up behind a TOR hidden service.    Neither Sam nor Alice could generate alternative chains without getting caught their alternative chains would be rejected.  Furthermore, Alice could simply sign everything Sam produces and therefore they would have to collude to produce an alternative chain.

I think you can see from this that decentralization of block production is more a necessity of marketing than of security of the network.  Though some could argue that it is a necessity of security for those that would end up signing every block as they would become giant targets for government shutdown.  In the future, once governments lose this war against crypto, then many centralized services will compete to offer instant transactions based upon the premise of open/audit-able blockchains.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: Troglodactyl on February 03, 2014, 05:38:30 am
For a trading platform chain I think people will be comfortable with much longer block times than they are payment system focused chain.  Of course we're likely to see some clones with experimental new target times once it takes off anyway.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: alexkravets on February 03, 2014, 07:13:06 am
Mr bytemaster,

Imagine there was a modified Ripple consensus algorithm that would not need any (local) static UNL lists ... i.e. the consensus process would be done exactly as it is today in Ripple, but transaction withholding ( since transactions are digitally signed and hence self-validating AND impossible to replay, transaction withholding is the only way to attack vector left to try to frustrate the consensus) AND validation and other forms of peer message spam (as distinct from transnational spam which is controlled through adaptively escalating fees) is also handled by such a modified version.

Would such a modified Ripple consensus satisfy ALL your decentralization, instant (as permitted by bandwidth and speed of light lower bound on convergence time) confirmation and lack of UNL cartel requirements ?

(Note, your earlier remark about N^2 load growth inside ripple network as number of peer nodes growth would apply but only in the case of each peer wanting to connect to all others, instead they have the usual low and high watermark P2P networking code)
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 03, 2014, 05:59:13 pm
If such an algorithm existed I would be very interested in it.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: vikram on February 03, 2014, 06:39:48 pm
After looking at the math it is clear to me that if a block is even a few CDD shy of the target for the minimum threshold no one will mine because the difficulty would be so much higher that it will not be profitable. 

Therefore in order to 'mine' every block must destroy the minimum number of coindays.  This means that for the blockchain to progress shareholders everywhere must be ready to use their accumulated coindays to mine.   So the question becomes how to divide the transaction fees between the miners and the dividends.   This is another case where I hate to employ price fixing so whether I set it at 100% like NXT, 50% like the original BTS white paper, or 1% like I have suggested recently the result is price fixing.

Fortunately I have a solution that is fair for all and avoids price fixing.  When a miner uses their own coindays to secure the network, they get a percentage of the fees in that block proportional to percentage of the CDD they provided vs those provided by 3rd party transactions.   This means that dividends are earned when security is provided entirely by real network transactions and that mining fees are earned when security is provided by the miner using their own CDD to secure the network. 

This should motivate miners to consume as many CDD as they can as quickly as they can to earn the maximum fees and move the network along.   

The next question people may have is how will transaction fees be priced?   Minimum fee will be set such that if the blockchain was running a full capacity (512K per block) that 1% of the share supply per year would be earned as dividends.  Then I will adjust the fee like I adjust difficulty to maintain an average block size of 512K and a maximum block size of 1 MB.   So if demand picks up then so do fees and when demand falls below 512K below fees will fall back to the minimum.

Could a minimum threshold on CDD make it difficult to bootstrap fledgling DACs which start out with very little activity?

Also, I found this post interesting: http://blog.ethereum.org/2014/02/01/on-transaction-fees-market-based-solutions/
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 03, 2014, 07:00:34 pm
After looking at the math it is clear to me that if a block is even a few CDD shy of the target for the minimum threshold no one will mine because the difficulty would be so much higher that it will not be profitable. 

Therefore in order to 'mine' every block must destroy the minimum number of coindays.  This means that for the blockchain to progress shareholders everywhere must be ready to use their accumulated coindays to mine.   So the question becomes how to divide the transaction fees between the miners and the dividends.   This is another case where I hate to employ price fixing so whether I set it at 100% like NXT, 50% like the original BTS white paper, or 1% like I have suggested recently the result is price fixing.

Fortunately I have a solution that is fair for all and avoids price fixing.  When a miner uses their own coindays to secure the network, they get a percentage of the fees in that block proportional to percentage of the CDD they provided vs those provided by 3rd party transactions.   This means that dividends are earned when security is provided entirely by real network transactions and that mining fees are earned when security is provided by the miner using their own CDD to secure the network. 

This should motivate miners to consume as many CDD as they can as quickly as they can to earn the maximum fees and move the network along.   

The next question people may have is how will transaction fees be priced?   Minimum fee will be set such that if the blockchain was running a full capacity (512K per block) that 1% of the share supply per year would be earned as dividends.  Then I will adjust the fee like I adjust difficulty to maintain an average block size of 512K and a maximum block size of 1 MB.   So if demand picks up then so do fees and when demand falls below 512K below fees will fall back to the minimum.

Could a minimum threshold on CDD make it difficult to bootstrap fledgling DACs which start out with very little activity?

Also, I found this post interesting: http://blog.ethereum.org/2014/02/01/on-transaction-fees-market-based-solutions/

The minimum threshold on CDD is not a problem when miners are rewarded with BTS from TRX fees for the CDD they destroy. I have carefully worked through things to make sure the chain does not 'hang' for lack of CDD.

I read that ethereum post and am going to offer my opinion as an economist:
1) They are attempting to set prices without using market forces which brings up all kinds of fallacies and problems:
  a) They assume that price can be calculated from costs... the input theory of prices which is the way all centrally planned systems attempt to manage their economies. 
  b) They assume that price can be voted on democratically.  This is flawed for the same reasons all voting systems are flawed, the minority loses.
  c) They assume prices can be calculated in the absence of voluntary trade.

2) They assume that a blockchain needs to grow to handle more than 7 trx per second which is based upon the one-chain to rule them all mentality.

3) Miners collect the fees, but users bear the costs.  Without a dividend system there is no way to compensate the average user for the costs on the network nor to reward them for holding and not transacting.   

I contend that a fixed bandwidth target with fees dynamically adjusting to match the supply/demand for transactions is the best market-based way of setting fees for a fixed definition of decentralization (bandwidth usage).   

If you are going to allow the blockchain size to grow then you create a prediction market that will set the target block size.  This way people can hedge their positions and it is resistant to sybil attacks.

 

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: santaclause102 on February 07, 2014, 06:25:17 pm
Has this (proof of deposit) been reviewed yet?  http://bitcoinmagazine.com/9317/how-to-secure-a-blockchain-with-zero-energy/
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: alexkravets on February 08, 2014, 09:56:18 am
If such an algorithm existed I would be very interested in it.

Latest newsletter http://goo.gl/I7r1mM says that Ripple-style consensus will be replaced with an earlier tweaked TaPOS.

Is there a version of TaPOS that solves the centralization-one-block at a time problem that all block-chain systems face ?

(Any miner who solves a block has a window to insert arbitrary transactions to front-run the market while removing transactions that would go against him).

Dan,

After I saw your remark about once-block-at-a-time centralization that all chains face (you too ethereum) I thought that was gonna be enough to not consider block-chains for a decentralized market ...

Your previous concerns about Ripple style consensus have all been debated and put to rest by the Ripple community almost a year ago.

There IS one issue which is a Ripple-like consensus system DOES start centralized (but already much less so than ANY chain with top 3 pools having 50% hash power) but over time decentralization is inevitable as more nodes join and users choose to customize their UNL lists.

N^2 growth in traffic objection as N nodes join does not apply in practice because nodes only exchange messages between low and high watermark of local peers not everyone.

Perceived lack of incentive to participate for nodes is addressed by two thing:

1. Running a consensus nodes is a constant near-zero cost and keeps falling with moore's law.
2. Running a consensus node benefits the owner in various secondary ways (lower latency access to network, etc) which should be plenty enough for brokers, banks & market makers to do.

Cheers ...

TL;DR: How does modified TaPOS address the centralized-one-block-at-a-time problem ?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 10, 2014, 09:00:53 pm
It is entirely possible that I have not grasped some key aspect to how Ripple reaches consensus, but my analysis is based upon the following foundation:

1) If the first two nodes agree to reach consensus and they never add anyone else to their UNL list then no one else's opinion matters.   
2) If one of the two nodes adds a second person to his UNL list then there is a 50% chance of a fork because not everyone agrees.
3) You can minimize the likelihood of a fork so long as their is sufficient overlap in everyones UNL, however achieving sufficient overlap can be tricky.
4) Based upon my current understanding this only has the appearance of decentralization while effectively the only opinions that matter are those of the largest fully connected set in the UNL graph. 

So perhaps there is another means of solving this problem of setting up a UNL that is properly balanced with low likelihood of forking.    I suspect it is possible to avoid N^2 with the proper network topology, but am unsure how to guarantee the proper network topology in a decentralized manner.  After all, the 'center' of the network is constantly moving as new nodes are added and even if you start out properly balanced, you could find yourself outside the core to the point that either your opinion doesn't really matter or the network splits.  Remember, it doesn't matter who you put on your UNL... it matters who puts you on theirs.

I spent a lot of time talking about the ideal of not being centralized for a single block.  This is a huge advantage that Ripple has over random selection of block producers used by POS and POW.   I partially mitigate this problem in TaPOS because the difficulty of finding a block is reduced as the number of transactions increases.  This means that excluding a valid transaction from the block puts you at a disadvantage against everyone else.   Furthermore, even if you do produce a block and broadcast it, someone who produces a block with more CDD can always replace your head block which has fewer CDD, then the network could take your failed mining attempt and destroy your CDD anyway. 

Someone wanting to attempt this could only do so proportional to the percent of the share supply they control.   Combined with my market matching algorithm that penalizes those who walk the book in a single block, I believe I have mitigated any meaningful attempt at 'front running' the market by withholding transactions, especially because large transactions are likely accompanied by large amount of CDD. 

Conclusion, the 'consensus' is automatically to include everything and thus excluding transactions is a major risk of both wasting energy and your CDD.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: vikram on February 12, 2014, 07:58:27 pm
Paper on vulnerability of vanilla POS: http://www.reddit.com/r/BitcoinSerious/comments/1xpzb8/pos_is_more_vulnerable_to_51_attacks_than_pow/

I haven't looked thoroughly, but I don't think this affects TaPOS.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 12, 2014, 08:18:39 pm
Paper on vulnerability of vanilla POS: http://www.reddit.com/r/BitcoinSerious/comments/1xpzb8/pos_is_more_vulnerable_to_51_attacks_than_pow/

I haven't looked thoroughly, but I don't think this affects TaPOS.

This paper is a bunch of mathematical mumbo-jumbo entirely detached from real economics.   If the US government announced that it wanted to buy 50% of the coins then the price would go through through the roof as every rational actor in the system would know several things:   

1) there is a buyer attempting to own the network... and that if they hold out they can get a higher price.   
2) the assumption that the coin becomes worthless once 50% ownership is held by a single player is also flawed.  For one thing, the government couldn't announce such a program "and mean it" without justifying to the public a reason to actually buy these coins vs simply outlawing them.   
3) the demand for a viable coin will simply cause a new alternative to pop up and the government is back to square one.
4) Unlike Proof-of-Work where once you own the mining you own every coin that uses that POW... with POS you can never own all the coins that can be created.

My conclusion is that this paper doesn't even apply to existing POS coins and certainly doesn't apply to TaPOS.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 12, 2014, 08:22:57 pm
My counter to the supposed attack is for a credible organization (like the *Coin Foundation) to announce that a hard fork would be created removing all balances held by the government in the event they attempt such an attack.  The market consensus would support the foundation backing the coin and the market participants would see that if the government calls the bluff the price will rise as and when the government is successful everyone would fork and get a 50% dividend.   

Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: BldSwtTrs on February 12, 2014, 10:17:49 pm
4) Unlike Proof-of-Work where once you own the mining you own every coin that uses that POW... with POS you can never own all the coins that can be created.
On Bitcointalk sometimes instead of ads there are informative messages about Bitcoin. One says Even in the event that an attacker gains more than 50% of the network's computational power, only transactions sent by the attacker could be reversed or double-spent. The network would not be destroyed. Another one: Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks. I have also heard Andreas Antonoupolos said the 51% attacker would only be able to destroy the next 10 minutes of transaction before being kick out the network

So you are saying all of this is not true?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 12, 2014, 11:11:14 pm
4) Unlike Proof-of-Work where once you own the mining you own every coin that uses that POW... with POS you can never own all the coins that can be created.
On Bitcointalk sometimes instead of ads there are informative messages about Bitcoin. One says Even in the event that an attacker gains more than 50% of the network's computational power, only transactions sent by the attacker could be reversed or double-spent. The network would not be destroyed. Another one: Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks. I have also heard Andreas Antonoupolos said the 51% attacker would only be able to destroy the next 10 minutes of transaction before being kick out the network

So you are saying all of this is not true?

I am saying that a 51% attacker could perform a denial of service attack and prevent transactions from being included at all.  That is within the rules of the network. 
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: JoelKatz on February 13, 2014, 11:59:23 pm
I have been working on the consensus algorithm and while it is fast it has the following problems:
1) There is no way to compensate people for running full nodes.
Right, but there is no need to compensate them. Bitcoin doesn't compensate people for running full nodes, only for mining, which consensus doesn't have.

Quote
2) The cost of running full nodes grows with N^2 the number of nodes participating in the consensus process
I'm not sure how you figure that. The cost of the consensus process itself scales as N log N and is divided over the nodes. The work each node has to do scales with the log of the number of nodes participating. Perhaps you're thinking that every node must directly consider what every other node is doing. That's not so. You only need a sample, and that scales with the diameter, which is the log of the number of nodes.

Quote
3) There is no way to reward nodes that participate in consensus to cover the cost of bandwidth growing
There is no evidence that there's any need to do this. Bitcoin doesn't reward transaction relaying either.

Quote
4) If you rely on charity, the regulatory risks may result in nodes not proliferating
It's not charity. People run nodes because they want high-quality access to the network. If the network doesn't provide services worth its bandwidth, it should die. This is the same reason people run Bitcoin nodes.

If you don't believe me or are still worried, then the community can just decide that, say, 1,000 validators is enough to provide reliability and decentralization. Adding more would provide no benefits, so just don't. There's no need for 100% agreement on this, people can just refuse to relay validations they don't think add sufficient value.

Also, you can't have it both ways. Your argument is basically, "nobody will run a validator because the bandwidth caused by all the reliable validators that we can't afford to drop will be too high" that's like "nobody wants to go to that restaurant because it's too crowded".
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: JoelKatz on February 14, 2014, 12:16:31 am
2) If one of the two nodes adds a second person to his UNL list then there is a 50% chance of a fork because not everyone agrees.
You're assuming the nodes aren't trying to reach a consensus when in fact that is their top priority. If one node refuses to change its position because doing so will cause a fork, then the other node will change its position. Avoiding a fork is every node's priority, second only to correctness. Why would a node fork when changing its position would avoid one?

If two people are trying to decide where to go for dinner and one says "it must be Olive Garden" and the other says "Olive Garden is okay, but I prefer Burger King", they'll agree to go to Olive Garden.

Consensus is robust because if there's absolutely no reason at all to exclude a transaction, then every honest node will want to include it. If there's any reason at all to exclude a transaction, then every honest node is perfectly happy to exclude it, so long as it gets introduced into the next round, which every honest node will agree to.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 14, 2014, 12:28:09 am
2) If one of the two nodes adds a second person to his UNL list then there is a 50% chance of a fork because not everyone agrees.
You're assuming the nodes aren't trying to reach a consensus when in fact that is their top priority. If one node refuses to change its position because doing so will cause a fork, then the other node will change its position. Avoiding a fork is every node's priority, second only to correctness. Why would a node fork when changing its position would avoid one?

If two people are trying to decide where to go for dinner and one says "it must be Olive Garden" and the other says "Olive Garden is okay, but I prefer Burger King", they'll agree to go to Olive Garden.

It is like having two groups of friends, half want to go to Olive Garden and half want to go to Burger King... but not everyone cares what everyone else things because they all have a local perspective.   So from the perspective of the BK crew they have a super majority and from the perspective of the OG crew they have a super majority... anyone who tries to be friends with both crews is screwed they pick one side to go with... so one guy sides with OG and another sides with BK.

The only way to avoid this problem is if the network is properly balanced with enough interconnectedness.  At this point you can make some assumptions and see n log n scalability.   

So everyone wants to reach consensus and they do reach consensus within their domain...  some nodes who are in two domains will recognize a split as a minority of their UNL list goes some other direction. 

Every response I have seen in the Ripple discussions says this is just a misconfigured UNL.

Ok, now that we have established this the question becomes how do nodes add each other to their UNL in a way that insures properly connected network?    It seems to me that everyone will want to include the big players in their UNL and thus become yes-men, after all the big players have no incentive to care much about every new node that joins the network....

I am not ruling out consensus algorithm just yet, I just think it will require more work to understand and verify than TaPOS.   If we can get an implementation that uses consensus + POS then I will be very happy. 


Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: JoelKatz on February 14, 2014, 12:34:59 am
It is like having two groups of friends, half want to go to Olive Garden and half want to go to Burger King... but not everyone cares what everyone else things because they all have a local perspective.   So from the perspective of the BK crew they have a super majority and from the perspective of the OG crew they have a super majority... anyone who tries to be friends with both crews is screwed they pick one side to go with... so one guy sides with OG and another sides with BK.
There aren't two positions on an equal footing. Everyone understands that a transaction can only be included if it has a supermajority of support and they are perfectly happy to exclude a transaction for one round rather than risk a fork. If there's a standing agreement to go to Burger King if there's no agreement otherwise, the problem is much simpler.

Also, nothing terrible happens if they go to different restaurants. They just fail to produce a consensus ledger and can try again.

Quote
So everyone wants to reach consensus and they do reach consensus within their domain...  some nodes who are in two domains will recognize a split as a minority of their UNL list goes some other direction.
Those nodes will just convince the side that included the transaction to exclude it, because nobody wants a fork. You have to imagine a crazy topology for that not to work.

Our plan for Ripple is to have organizations that publish lists of validators whose performance they monitor. They will include the jurisidiction and organization type of the validator. By default, the software will pull validator lists from several such organizations and pick a random sample, weighted by the number of organizations that include that validator. You will be able to add filters like "no validators in the US" or "no validators operated by governments" if you wish, as organizations will include that information in the lists they publish. You will, of course, be able to add or blacklist validators, change the list of publishers, and so on.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 14, 2014, 12:46:22 am
So effectively a single node can hold out and say... sorry I am not including any transactions until everyone agrees with me not to include any transactions?  The entire network would then halt....  I am assuming this is NOT the case which means there exist cases where consensus is reached by many but not all and the guy who is out voted must accept it or move on....   

Sure, eventually this node will be identified and pulled from the UNL of its peers, but for a while it could get away with excluding the node.

If the UNL nodes are public, the government could pass a law requiring filtering and then what?   

I believe the people at Ripple are smart and have a solution that works.  It was my faith in Ripple's mere existence that convinced me it was possible.   So I really, really want to understand at a deep level how Ripple works and their algorithm can be used.   

In fact, I will probably create a bounty for a version of BitShares X that implements the Consensus algorithm while I focus on getting our MVP done.   It just has too much potential if UNL lists can be properly organized. 

How many nodes are currently participating in the UNL consensus aspect of the Ripple network?   Has anyone produced a network topology of a directed graph of UNL lists? 
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: JoelKatz on February 14, 2014, 01:02:56 am
So effectively a single node can hold out and say... sorry I am not including any transactions until everyone agrees with me not to include any transactions?  The entire network would then halt....  I am assuming this is NOT the case which means there exist cases where consensus is reached by many but not all and the guy who is out voted must accept it or move on....   
Right, but that's fine. The consensus process can fail and no harm is done except there's no consensus. It causes a tiny spike in transaction validation time. Who cares. (Think of a result of a consensus round being like a mined block. They can be orphaned or abandoned. Either they survive or they don't.)

Quote
If the UNL nodes are public, the government could pass a law requiring filtering and then what?
The same thing could happen with any scheme. Transactions are public. Say the goverrnment passes a law prohibiting people from accepting Bitcoin transactions on any chain that included specific transactions. Business would know who sent them Bitcoins and could tell if those Bitcoins passed through the prohibited transactions.

Quote
How many nodes are currently participating in the UNL consensus aspect of the Ripple network?   Has anyone produced a network topology of a directed graph of UNL lists?
We're hoping to have a transition to a large number of distributed validators well underway around June. Currently, Ripple Labs runs five validators and pretty much everyone just uses those five.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on February 14, 2014, 01:14:48 am
Quote
How many nodes are currently participating in the UNL consensus aspect of the Ripple network?   Has anyone produced a network topology of a directed graph of UNL lists?
We're hoping to have a transition to a large number of distributed validators well underway around June. Currently, Ripple Labs runs five validators and pretty much everyone just uses those five.

I see, this is much how I was planning on using consensus to launch BitShares X.  Start with a few nodes and then grow to be more distributed.    Good to know that a fully distributed Ripple system is still in development.   

From my perspective I just need a way to agree on a transaction set... this consensus could be entirely generic based upon blobs of data.   

I am sure in the future the best of these techniques will find a home in BTS/AGS/BitShares X systems.
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: clout on March 10, 2014, 06:12:29 pm
Why can't coin days be capped by less than 365 days?
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: bytemaster on March 10, 2014, 07:05:21 pm
Why can't coin days be capped by less than 365 days?

365 Days is the inactivity period. 
Title: Re: Transactions as Proof-of-Stake & The End of Mining
Post by: clout on March 10, 2014, 08:58:06 pm
Why can't coin days be capped by less than 365 days?

365 Days is the inactivity period. 

If that period is reduced is the network more secure?

Or can capping cdd by any one node make the network secure?

Also if you use unl does that mean that block production and confirmation from cdd would be more immediate?

Lastly in the unl systems do u essentially vote with your cdd for which un you want to produce the next block and whichever un is the most trusted gets the most cdd's or is it that once un are selected into the list they are chosen in a lottery fashion to produce next block?

I'm trying to understand the consensus technology better. Sry if these are silly/trivial questions.
Title: Re: Transactions as Proof-of-Stake &amp; The End of Mining
Post by: alkan on December 03, 2016, 10:48:04 pm
I am really looking for attacks on my pos system


Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
can we develop a system to avoid the 51% attack totally , I have some thinking , in democratic society, one person have  larger  power and he only have one vote,  a node have larger power of hash ,it is only mean  he have the larger capacity for mining,  not the larger power of main chain,
we can think as following
1. one node cannot find two continuous bolck
2. the difficulty of every node is different,  for example if the node not find the bolck in 10min , the difficulty is same as the normal  difficulty, but if the node can one bolck in 10 min the difficulty become the 2*normal difficulty ,  if find 3 bolck in 10min ,the difficulty become the 4*normal difficulty , and so on ,   if we need to 6 bolck confirm , though a man have 51% power of hash , he also cannot carry out 51% attack.

There is no way to identify nodes, all we have is 'information'.   Difficulty is irrelevant because proof-of-stake determines longest block and nodes cannot cheat this.   Just like any company where a shareholder who owns 51% of the stock can do anything they want (more or less), the same applies to DACs.   There is no way around the 51% ownership attack in a world subject to sybil attacks.

It seems that individual difficulty can indeed be used to avoid sybil attacks, as I decribe in my post https://bitcointalk.org/index.php?topic=1702796.0. While you cannot prevent an 51% ownership attack under any circumstances, you can make it economically unattrative so that no rational attacker would attempt it.