BitShares Forum
Main => General Discussion => Topic started by: bytemaster on March 28, 2014, 05:35:05 am
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
-
Shareholders vote (off chain) on a trustee.
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Why offchain? Why not onchain much like memorycoin is doing it?
Once a new trustee has 51% of the shareholders support the network continues.
What if you have 3 parties with ~33% each? What if there is _no_ consensus?
Personally I like the benefits .. but i dislike having one note generating the blocks ..
What about passing the trustee-ticket around after each block .. much like nxt's transparent forging?
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office
+5%
-
The benefits do appear to be considerable, but I'm not sure how exactly this is supposed to work. I'm fairly new to all this, but here are some of the questions that come to my mind after reading this:
You say running a "trustee" requires no resources and is a non-paid position, does that mean anyone can do this from their personal computer?
Or will this become a centralized function with only a couple major trustees?
Is the voting something that is done automatically by our respective clients, or manually? If so, how do we determine whether a trustee is honest or not?
One of the things that've attracted me to Bitshares is that you generally explain very clearly what are the incentives for being part of the system, for mining/staking or whatever it is, but here I don't see the incentive for running a trustee besides the obvious "good of the system"..
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
this "trustee" is only one PC/IP?
why not having more of them and let them - 3, 5, 7 or 9 PCs - work together to share the multiple risks of running only one
as an example: the master-trustee is only doing the sequence of the transactions of the network
this master has to be back-upped by two silent master-trustees - second and third, who are going to work when the first master does not work anymore
after the correct order of the transactions the "slave"-trustees are finishing the transactions by generating the blocks into the chain
-
Based on what would voters decide the on the trustee(s)? If real world identity is not revealed their is not much fundamentals which you can base your vote on. If real world identity is revealed there is the danger of trustee shut-down.
There would also be more potential for corruption than with NXT, because a briber would have time to approach the trustee. I don't know how long in advance the next one to find a block is known with NXT but the short time window would make it very unlikely to get a deal going...
Was there a solution for 'who finds the next block' with TaPOS other than this one up to now?
Side note: Maybe different types of TaPOS / POS should be considered for different applications. Some applications (Lotto, Me, Music etc.) might need more efficiency, some might need more trustlessness/no central point of failure.
-
Here is another proposal (not sure if this would work):
Every stakeholder locks in a vote for a trustee which can be changed at any time. The chance for finding the next block is random but depends on a mix of your stake size and your trust rating you got from others. This could be combined with a ripple consensus: As far as I know with ripple there is a list of trusted nodes who vote on which transactions are included in the next block. Here such a list would be all stakeholders that turned (that turned mining/forging on) but the "weight" of your vote depends on your stake size and your trust rating.
Wasn't a combination of ripple style consensus and POS considered before?
-
Does Tapos plus pow not work?
-
What happened to the ideology that everything that can be decentralized will be decentralized?
-
Side note: Maybe different types of TaPOS / POS should be considered for different applications. Some applications (Lotto, Me, Music etc.) might need more efficiency, some might need more trustlessness/no central point of failure.
+5%
-
What's the concern to post this solution, is it to solve efficiency and performance?
-
This might be too much to ask for common shareholders. I don't really want to have to worry about trusting someone even if they will eventually get fired if they double spend. Isn't this defeating the whole purpose of a decentralized system?
-
Maybe I don't get the difference between security and block production, but I don't understand why whatever node with the most cdd can't produce the next block. Or make it a more ambiguous standard for block production that may not be probabilisticly determined. Which ever node has the median cdd in broadcasted set of transactions produces the next block. Or would it even matter if this was randomly determined out of those destroying coin days at given time?
-
IMO we probably shouldn't be trying to prevent every single possible inefficiency. The law of diminishing returns kicks in. There is no way to engineer anything into perfection. Sometimes you just have to release something into the wild and see what happens. Also, computer hardware is increasing at an exponential rate, the recent slash of Google drive storage prices shows this, what I mean is that every year that goes by we have more storage capabilities at a cheaper price so having something akin to a full Bitcoin node storing say 30 GB of information is not an issue in the longterm. As internet speeds are getting faster as well as storage speeds. Google fiber gives you 1,024 Mega Bits per second and only costs $70 and it will be deployed to more cities here soon.
-
There is always a window of opportunity before one gets fired. How much damage can be done before one gets fired? Firing someone is reactive.
51% is too much. See MemoryCoin. They could only get 5% to participate in voting.
Whoever gets that position "could" take advantage and do damage before 51% rally to correct it.
-
If Bitshares x could reach that kind of speed for validating transaction will be amazing and it is worth taking in consideration.
The problems I see :
- No more decentralized
- One trustee one point of failure, the DDOS attack will be hard to prevent
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
Not clear. How long it takes the voting process , meanwhile all transactions are stooped ? Can you elaborate more on the voting process ?
-
There is always a window of opportunity before one gets fired. How much damage can be done before one gets fired? You are essentially making someone President or CEO of the chain, which is a step away from decentralization.
51% is too much. See MemoryCoin. They could only get 5% to participate in voting.
Whoever gets that position "could" take advantage and do damage before 51% rally to correct it.
+5%
I agree that we probably won't get 51% of people to vote. Great damage will probably be done before 51% vote. We might as well just go with POW for.
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
The trustee seems to be a single point of failure. Why do we want that?
Speed isn't everything and even if you want speed, you can always optimize for speed later.
Trust? I thought the whole point is not to have to trust. If we have to trust it's starting to look a lot like Ripple.
The one way I would support this idea of having a trustee is to make it a conglomerate of trustees. These trustees would have to be anonymous, numbering in the hundreds rather than just 1, and they'd have to be selected completely at random from a pool rather than voted on.
Random select 100 or so from a pool to be the trustee conglomerate. Then randomly choose a trustee for different transactions. We should want as many trustees as possible, spread out around the globe. So perhaps a cellphone app?
The problem is if you don't pay someone something then why would they take the risk?
It reminds me of Tor nodes, it could work if there are enough of them I suppose but it's not decentralized enough if there aren't plenty of nodes.
-
When and whatever Bitshares looks like when it officially gets released many things will happen that weren't 'according to plan.' The best that can be done is trial and error. A hard reset of Bit shares may be required but that is OK. We simply get back up and try again.
-
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
What are we talking about here in terms of increased efficiency and faster transactions? If the advantage is it will be a significant amount more efficient and significant amount faster, which in terms makes it much more usable for actual users of the system and profitable for shareholders, I say go ahead and find someone.
Would it be possible for i3 to be the (initial) trustee, they probably have the most BTS so their stake in the success of the operation makes them a good candidate and they have the technology means to set up the backup systems to make sure there is no disconnect with the network.
-
I think decentralization, scalability and long term sustainability are more important than trust, profits, and performance. Efficiency is important but not if you have to give up on the core principles.
Having a pyramid style deterministic hierarchy of trustees to me seems to be the ugliest design from an adherence to core principles perspective. If it's not more decentralized than Bitcoin then why get rid of mining only to lose an advantage somewhere else?
You can make it decentralized with the trustee method, so I'm not completely against that.
But the way Bytemaster described it doesn't sound very decentralized, and lacks the element of chance, of randomness which in my opinion is necessary for security.
Maybe it could be done like this but selling it to the decentralization community is going to be hard unless it can be shown that it's less centralized than Bitcoin, Litecoin, and others.
If there must be a sort of "CEO" or "President" of Bitshares as the trustee, it adheres to a set of principles which promote the thinking which backs government/corporate hierarchy. This is why I recommend treating it more like a pool of nodes where an individual node is randomly selected and attempt to grow the pool of nodes as large as possible. Utilize the organic emergent properties.
This way many nodes will get a chance to be a trustee and it's not just one chief node at the top. The last thing we need is a pyramid at the heart of the chain in my opinion.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
What are we talking about here in terms of increased efficiency and faster transactions? If the advantage is it will be a significant amount more efficient and significant amount faster, which in terms makes it much more usable for actual users of the system and profitable for shareholders, I say go ahead and find someone.
Would it be possible for i3 to be the (initial) trustee, they probably have the most BTS so their stake in the success of the operation makes them a good candidate and they have the technology means to set up the backup systems to make sure there is no disconnect with the network.
This is the exact scenario I am concerned about. How exactly is Bytemaster going to explain that to the decentralization community? Don't go the route of Ripple unless you're able to form the industry ties with Google.
Peercoin has similar problems and SunnyKing had a difficult time explaining some of his design decisions. Maybe they were necessary for the security of Peercoin but those decisions still have to be explained.
The more centralized it is, the harder it is to explain. Sure the current shareholders are going to want maximum profit but people who are future shareholders are not going to like it if looks like this.
-
What happened to that idea where you could sign for which pool gets to sign for you? Then do deterministic mining picked from any "pool" which has at least 1% of funds. This fixes DDOS and other issues because pools have incentive to become hardened, trusted pools.
Not hierarchal, the pool you sign your votes to cannot then sign them onto another pool or anything.
Is this what NXT does? Except they have an incentive for pooling more and more funds. We could give worse returns with larger pools after a certain threshold. This doesn't prevent large pools from splitting up their funds, but it gives small pools a way to butt in.
-
What if the trustee offers shareholders something in return for modifying the block chain
-
If Bitshares x could reach that kind of speed for validating transaction will be amazing and it is worth taking in consideration.
The problems I see :
- No more decentralized
- One trustee one point of failure, the DDOS attack will be hard to prevent
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
Not clear. How long it takes the voting process , meanwhile all transactions are stooped ? Can you elaborate more on the voting process ?
The voting could take place well in advance and there could be contingency keys lined up. There could even be a panel that is elected where the panel in turn selects the active trustee but could act quickly to fire him.
DDOS is not really possible because the network would still be broadcast based and the trustee would likely have multiple redundant nodes all over the world ready to sign blocks if there were an issue.
The critical point here is that voting for the trustee can be a continuous process and there can be a chain of command. 51% may not be necessary if you assume people can set up delegates to vote on their behalf. Everyone elects their own representative and they in turn get a vote proportional to their constituency.
The main take away from this is that there are many ways to address this to support rapid, efficient failover.
-
What if the trustee offers shareholders something in return for modifying the block chain
All nodes must still validate the chain. Trustee is not the source of the security and has very little power beyond about 24 hours. If 51% of the shareholders want something different then you would get a hard fork even with bitcoin.
-
If it isn't sufficiently efficient from the get go, the door to competition who will find a way to make it increasingly efficient will be wide open. I don't like the idea of centralizing this at all, but I also figure bytemaster is bringing this to us now because there isn't another viable way at the moment that won't cause other headaches or delays in getting BTS launched.
-
If it isn't sufficiently efficient from the get go, the door to competition who will find a way to make it efficiently efficient will be wide open. I don't like the idea of centralizing this at all, but I also figure bytemaster is bringing this to us now because there isn't another viable way at the moment that won't cause other headaches or delays in getting BTS launched.
As this subject is very 'touchy' I do want to let everyone know that I am a firm believer in decentralizing POWER. I am also committed to finding solutions that eliminate single points of failure. I also recognize that decentralization brings its own security concerns.
1) All of the random selection techniques discussed here (and with Nxt) depend upon people putting their private keys at risk. So rather than trusting a trustee, everyone has to trust their computer not to get hacked.
2) All of the random selection (mining + POS / etc ) techniques have potential for forks (even if just for a few blocks) and this potential is highly problematic.
3) Everything in life is about tradeoffs.... so lets focus on decentralizing power in the most efficient manner.
Identify the failure modes in the various systems and you will conclude:
1) Trustee model is more decentralized than Ripple because the Trustee has less power than Ripple's inner nodes have.
2) Mining results in a kind of centralization and de-facto trustee that cannot be fired
3) POS requires peoples keys to be kept on line and ultimately a minority of nodes will participate in block generation
-
What happened to that idea where you could sign for which pool gets to sign for you? Then do deterministic mining picked from any "pool" which has at least 1% of funds. This fixes DDOS and other issues because pools have incentive to become hardened, trusted pools.
Not hierarchal, the pool you sign your votes to cannot then sign them onto another pool or anything.
Is this what NXT does? Except they have an incentive for pooling more and more funds. We could give worse returns with larger pools after a certain threshold. This doesn't prevent large pools from splitting up their funds, but it gives small pools a way to butt in.
This is effectively no different than nominating a board of directors who then nominate the active CEO.
-
It is different because there is no ceo thay can get hit with a truck. I'm thinking about how smoothly the nextwork transitions to another signing authority
Sent from my SCH-I535 using Tapatalk
-
If it isn't sufficiently efficient from the get go, the door to competition who will find a way to make it efficiently efficient will be wide open. I don't like the idea of centralizing this at all, but I also figure bytemaster is bringing this to us now because there isn't another viable way at the moment that won't cause other headaches or delays in getting BTS launched.
As this subject is very 'touchy' I do want to let everyone know that I am a firm believer in decentralizing POWER. I am also committed to finding solutions that eliminate single points of failure. I also recognize that decentralization brings its own security concerns.
1) All of the random selection techniques discussed here (and with Nxt) depend upon people putting their private keys at risk. So rather than trusting a trustee, everyone has to trust their computer not to get hacked.
2) All of the random selection (mining + POS / etc ) techniques have potential for forks (even if just for a few blocks) and this potential is highly problematic.
3) Everything in life is about tradeoffs.... so lets focus on decentralizing power in the most efficient manner.
Identify the failure modes in the various systems and you will conclude:
1) Trustee model is more decentralized than Ripple because the Trustee has less power than Ripple's inner nodes have.
2) Mining results in a kind of centralization and de-facto trustee that cannot be fired
3) POS requires peoples keys to be kept on line and ultimately a minority of nodes will participate in block generation
I don't think there is any gray area when it comes to decentralization. Either you are, or you are not. There is no partial compromise. Since most people will be operating within the borders of existing government laws, true decentralization wil never be achieved. You must do what you think is best.
-
Identify the failure modes in the various systems and you will conclude:
1) Trustee model is more decentralized than Ripple because the Trustee has less power than Ripple's inner nodes have.
2) Mining results in a kind of centralization and de-facto trustee that cannot be fired
3) POS requires peoples keys to be kept on line and ultimately a minority of nodes will participate in block generation
I simply don't understand the technical aspects of block production, but why must private keys be used in this process?
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
I'd prefer to trust in my ability to protect my private key than to trust a trustee. A digital company shouldn't require any voting or representatives to vote on behalf of shareholders. Otherwise it defeats the purpose of calling it a DAC because it is no longer autonomous in the slightest sense because instead of the code taking care of that now we have to rely on people.
-
If it isn't sufficiently efficient from the get go, the door to competition who will find a way to make it efficiently efficient will be wide open. I don't like the idea of centralizing this at all, but I also figure bytemaster is bringing this to us now because there isn't another viable way at the moment that won't cause other headaches or delays in getting BTS launched.
As this subject is very 'touchy' I do want to let everyone know that I am a firm believer in decentralizing POWER. I am also committed to finding solutions that eliminate single points of failure. I also recognize that decentralization brings its own security concerns.
1) All of the random selection techniques discussed here (and with Nxt) depend upon people putting their private keys at risk. So rather than trusting a trustee, everyone has to trust their computer not to get hacked.
2) All of the random selection (mining + POS / etc ) techniques have potential for forks (even if just for a few blocks) and this potential is highly problematic.
3) Everything in life is about tradeoffs.... so lets focus on decentralizing power in the most efficient manner.
Identify the failure modes in the various systems and you will conclude:
1) Trustee model is more decentralized than Ripple because the Trustee has less power than Ripple's inner nodes have.
2) Mining results in a kind of centralization and de-facto trustee that cannot be fired
3) POS requires peoples keys to be kept on line and ultimately a minority of nodes will participate in block generation
I don't think there is any gray area when it comes to decentralization. Either you are, or you are not. There is no partial compromise. Since most people will be operating within the borders of existing government laws, true decentralization wil never be achieved. You must do what you think is best.
The way I would put it is: "Decentralization is a philosophy and a powerful tool, not the automatic answer to every design question." :)
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
Does this have the potential to delay the release of ME/XTS/Lotto/DNS .? I assumed the end of March for the first DAC (ME) to be released... :o
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
-
2) Mining results in a kind of centralization and de-facto trustee that cannot be fired
This is misleading. With this comparison, there would only be a singular "de-facto trustee" if someone controls 51% of the network. Otherwise the "de-facto trustee" is the collective group of miners. If you're referring to the pool operators as the "de-facto trustee" that assumes that they control the net mining power of their pool. We've already seen with bitcoin that when pools get too big, people will stop mining within them.
With a trustee, you're talking about centralizing control, hiding it behind a Tor node, and leaving it up to the shareholders to fire the trustee if they think they're acting to harm the network. How would you even elect a trustee in the first place? Campaigning?
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
I was thinking something similar. Why couldn't you link your address to another address that has zero coins assigned to it. You could then put your real wallet into cold storage and the empty wallet could provide security through POS. If someone hacks my PC they would only get my voting power, and only until I pulled my wallet out of cold storage and used it to sign a new block with a new link. Am I making sense? Could this work?
-
I feel like with TaPOS you need a lot of people to keep their keys online to secure the network, but then they might be hacked and lose their shares. With a trustee, you need enough people to be interested in voting to achieve that 51% threshold, and you need a way to determine who everyone is voting for that risks as little as possible.
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
I was thinking something similar. Why couldn't you link your address to another address that has zero coins assigned to it. You could then put your real wallet into cold storage and the empty wallet could provide security through POS. If someone hacks my PC they would only get my voting power, and only until I pulled my wallet out of cold storage and used it to sign a new block with a new link. Am I making sense? Could this work?
You don't need zerocoin for this, but the idea is similar to a zerocoin "ticket". You just put a hash of a serial in the same transaction where you sign the delegate, and the rule is that if the network sees the original serial then it considers the delegation revoked. This way you can take away voting power without taking your shares out of cold storage. Voting for a new delegate signer would require you to move the cold shares though.
-
I don't know that I completely understand the power that the trustee(s) have and what happens if all trustees colluded. But, I'm willing to reserve judgement if you think it's the best system and give it a shot.
I think that if the mechanisms are not well communicated there would be a lot of FUD that would affect initial demand/value.
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
I was thinking something similar. Why couldn't you link your address to another address that has zero coins assigned to it. You could then put your real wallet into cold storage and the empty wallet could provide security through POS. If someone hacks my PC they would only get my voting power, and only until I pulled my wallet out of cold storage and used it to sign a new block with a new link. Am I making sense? Could this work?
You don't need zerocoin for this, but the idea is similar to a zerocoin "ticket". You just put a hash of a serial in the same transaction where you sign the delegate, and the rule is that if the network sees the original serial then it considers the delegation revoked. This way you can take away voting power without taking your shares out of cold storage. Voting for a new delegate signer would require you to move the cold shares though.
If there is an established means of providing security through PoS that doesn't involve having to leave your wallet online constantly, why not take that approach?
-
I don't know that I completely understand the power that the trustee(s) have and what happens if all trustees colluded. But, I'm willing to reserve judgement if you think it's the best system and give it a shot.
I think that if the mechanisms are not well communicated there would be a lot of FUD that would affect initial demand/value.
A trustee is just a node that asserts it saw a block by signing it. It stops forks, but gives the power to stall the network OR perform a double-spend with cooperation of a large number of shares. They would get caught though, which is actually really important.
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
I was thinking something similar. Why couldn't you link your address to another address that has zero coins assigned to it. You could then put your real wallet into cold storage and the empty wallet could provide security through POS. If someone hacks my PC they would only get my voting power, and only until I pulled my wallet out of cold storage and used it to sign a new block with a new link. Am I making sense? Could this work?
You don't need zerocoin for this, but the idea is similar to a zerocoin "ticket". You just put a hash of a serial in the same transaction where you sign the delegate, and the rule is that if the network sees the original serial then it considers the delegation revoked. This way you can take away voting power without taking your shares out of cold storage. Voting for a new delegate signer would require you to move the cold shares though.
If there is an established means of providing security through PoS that doesn't involve having to leave your wallet online constantly, why not take that approach?
Did you see my delegates with revocation certificates suggestion? Comments?
-
I don't know that I completely understand the power that the trustee(s) have and what happens if all trustees colluded. But, I'm willing to reserve judgement if you think it's the best system and give it a shot.
I think that if the mechanisms are not well communicated there would be a lot of FUD that would affect initial demand/value.
The trustee has only one power, to produce blocks that conform to the rules (or not to produce said blocks).
The trustee's power is delegated from the shareholders who can revoke it at any time and appoint a new trustee.
Redundancy is possible in case trustee is compromised.
Trustee cannot change the blockchain rules.
Nodes do not trust the Trustee but validate every single transaction.
Trustee cannot create alternative chains or get away with double spend attacks.
Without a trustee all other technical solutions are attempts to do the following:
1) Randomly select someone proportional to their stake in the system... they become 'trustee for a block'.
2) Pay / Punish this person for not producing a block.
As soon as you have this random selection you simultaneously open up the network for random attacks by anonymous parties. The sheer number of hypothetical attacks that are possible under these 'random selection' processes means that the network is likely less secure and predictable. All of a sudden people start mining blocks that exclude bids/asks to their benefit or to trigger margin calls. Put another way, randomly selecting people to produce blocks gets you 'average' performance and 'random' manipulation. Delegating through your proof of stake to a trustee maximizes the predictability and fairness of the chain.
Remember, true decentralization is competition and reduction of barriers to entry.
-
Did you see my delegates with revocation certificates suggestion? Comments?
Effectively 'delegation' using your stake is exactly what I am proposing. Person A delegates to person B, who in turn can delegate to person C. Eventually all of the delegates have to arrive at a 51% consensus on who produces the next block. If someone sets up some software in a 'set it and forget it' manner then the network is perfectly safe unless this person is attacked. If they are attacked then the network can quickly appoint (probably pre-arranged) the fallback.
At any time someone with stake can change who they delegate their vote to.
If we can stay objective here and identify what attack we are afraid of and define what we are attempting to defend against in the most clear way possible then we can find the best solution. Get to the *root* of the problem and solve that.
Without getting to the root we have solutions in search of problems and we end up paying for things that we do not need or even want (mining).
-
Did you see my delegates with revocation certificates suggestion? Comments?
Effectively 'delegation' using your stake is exactly what I am proposing. Person A delegates to person B, who in turn can delegate to person C. Eventually all of the delegates have to arrive at a 51% consensus on who produces the next block. If someone sets up some software in a 'set it and forget it' manner then the network is perfectly safe unless this person is attacked. If they are attacked then the network can quickly appoint (probably pre-arranged) the fallback.
This is exactly what I'm interested in, how can we make this failover more automatic or not really look like failover (where I was going with nxt style queue).
I want to give a preference ordering on trustees, weighted by stake I'm willing to give.
-
I don't know if its just me but I feel like so much of this lies in theory and not in evidence. Why wouldn't you try to see how tapos + mining works, before you discard it.
-
The trustee has only one power, to produce blocks that conform to the rules (or not to produce said blocks).
...
Trustee cannot change the blockchain rules.
Nodes do not trust the Trustee but validate every single transaction.
Trustee cannot create alternative chains or get away with double spend attacks.
This seems to make sense to me.
On some level it seems that a successful DAC will still need people who take on leadership roles (and could be bad if we don't have such people). Every crypto has centralized development. Being able to delegate your voting rights / stake to someone you trust who in turn can delegate further may be as good a way as any. Maybe if Keyhotee is more developed it also becomes easier to build trust for individuals?
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
Does this have the potential to delay the release of ME/XTS/Lotto/DNS .? I assumed the end of March for the first DAC (ME) to be released... :o
anyone to comment on this?
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
Does this have the potential to delay the release of ME/XTS/Lotto/DNS .? I assumed the end of March for the first DAC (ME) to be released... :o
anyone to comment on this?
This change has accelerated the process. I think I could release something prior to going to NYC... but don't want to launch a chain and then be gone on travel for a week.
I think I will launch the test-test prior to NYC... then the real XT network when I get back. Of course all software development times are estimates.
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
Does this have the potential to delay the release of ME/XTS/Lotto/DNS .? I assumed the end of March for the first DAC (ME) to be released... :o
anyone to comment on this?
This change has accelerated the process. I think I could release something prior to going to NYC... but don't want to launch a chain and then be gone on travel for a week.
I think I will launch the test-test prior to NYC... then the real XT network when I get back. Of course all software development times are estimates.
Oook :) Thought ME and XTS would be out in March. But no need to rush anything! This will be a longer competition...
-
Personally I don't like the single block issuing authority, nor the democracy that is used to select it. Putting people into the mix seems like a bad idea.
If this is what you need to do to in order to quickly release a stable product then I would support it, but with the stated of goal of launching a POS blockchain that is a little more decentralized, and autonomous.
Now I'm a very small fish, and if I sold all of the BTS-XT I had immediately on launch it would hardly be noticed, but I think others might feel like I do and not be interested in the final product if its going to involve human voting to centralize power. Even if that power is temporary and transparent.
The thought that sprang to mind from your analogy of constitutional government was "Look how thats turned out in the past"
Most of what I know about POS I learned reading this very forum. If I'm completely off someone please let me know. Is the only real drawback to POS that you have to keep your wallet online? Cause that seems like it would be really easy to fix.
-
What's the difference between this method and the transparent forging of NXT? That's looks very similar.
-
Effectively 'delegation' using your stake is exactly what I am proposing. Person A delegates to person B, who in turn can delegate to person C. Eventually all of the delegates have to arrive at a 51% consensus on who produces the next block. If someone sets up some software in a 'set it and forget it' manner then the network is perfectly safe unless this person is attacked. If they are attacked then the network can quickly appoint (probably pre-arranged) the fallback.
At any time someone with stake can change who they delegate their vote to.
I proposed something quite similar to this two weeks ago in the TaPoS thread: https://bitsharestalk.org/index.php?topic=3623.msg46238#msg46238
The only difference was that my proposal was to allow delegation of mining / minting power, rather than election of a singleton dictator to produce blocks.
-
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
This is a very good idea.
-
The sheer number of hypothetical attacks that are possible under these 'random selection' processes means that the network is likely less secure and predictable.
Since basically all existing cryptocurrencies use mining -- and the few proof-of-stake use another "random selection process" -- I would say that we have plenty of extensive, at-scale, real-world experience about networks that use random selection processes. Random selection has its share of problems -- the Great Bitcoin Fork comes to mind -- but the trustee approach has a lot more unknown unknowns.
All of a sudden people start mining blocks that exclude bids/asks to their benefit or to trigger margin calls.
As I pointed out back when the UNL was proposed, centralization allows for transaction censorship. A trustee may exclude a transaction indefinitely; as long as they're a trustee, there is no way to guarantee they'll be tossed out for excluding any particular transaction. Whereas with random selection, assuming everyone controls less than p percent of the block production capability, the probability that the transaction hasn't been included after n blocks is bounded above by p^-n. Since p < 1/2 (otherwise someone has already owned the network with a 51% attack), this means your transaction will be included within very few blocks with very high probability.
All of the random selection techniques discussed here (and with Nxt) depend upon people putting their private keys at risk.
As I've recommended in at least two other threads, you can allow nodes to delegate mining / minting power. Allowing someone to revocably sign over their block production capacity does not require all block production to be channeled through a single dictator node.
All of the random selection (mining + POS / etc ) techniques have potential for forks (even if just for a few blocks) and this potential is highly problematic.
How exactly does the trustee approach avoid forks? If there's e.g. a network split, won't one side of the split see the trustee's offline and elect a new trustee, and the other side of the split keep going with the old trustee? How is any decentralized protocol even able to tell the difference between "a bunch of nodes all decided to quit at once" and "we're on the wrong side of a network split"?
Mining results in a kind of centralization and de-facto trustee that cannot be fired
On the contrary, the "trustee" in mining / minting is fired and replaced after every block. Unless the network's been hit by a successful 51% attack, there's at least a 50% chance the new block producer isn't following the same agenda as the old one. It should be obvious how much this limits the damage a rogue block producer can do.
POS requires peoples keys to be kept on line and ultimately a minority of nodes will participate in block generation
This is simply false. As I discussed above, it's totally possible to allow people to revocably delegate the PoS power of their coins while keeping block production decentralized.
-
I want to thank everyone for their feedback so lets address some things:
1) Delegation of your stake is the way most people will prefer to operate. Lets assume that any successful design will depend upon this delegation of votes to 'voting keys' which are independent of 'spending keys'.
2) A single Trustee can periodically abuse their power in 'politically acceptable ways'.... I can see them blocking any transaction attempting to spend funds stolen by the FBI without generating enough uproar to vote them out of office. In effect, the trustee has defacto power to freeze funds of minorities so long as it was politically acceptable of the majority. This is a potential problem, but one that is solved by competition.
3) If viewed as companies, each company is competing in the market and the value of its shares will be based upon how secure their network is and how 'fair' it is. A network run by someone who refused to play politics would gain value much like low-regulation economic regions.
4) There are many ways to select such a trustee and the result of market competition and eliminating barriers to entry would be the best form of decentralization.
Lets think in terms of 'value to customer' vs 'risk to customer' and what is the customer willing to pay?
Lets also realize that this particular problem is very hard and that the *real answer* is to have many competing systems and let the market sort it out. Given the goal of competing systems, it is hard to compete with something when all you have is nothing. So proving the business models work (BTS X anyone?) and then committing to improve DACs is the way to go. I could see the trustee working to decentralize his block production process via Ripple Consensus. I could see voting systems set up.
In bitcoin land, the mining pools are 'delegates' which then direct the voting power of the masses to rapidly resolve forks. Shareholders should delegate their power in similar ways. So long as it is easy to change and unambiguous we would have a solid system. This delegation could even occur on the block chain itself. If it happened on the blockchain the trustee could block votes for anyone else, but this type of hostile takeover is the grounds upon which a fork will be started with a new trustee. Subverting the 'democratic' process supported by the chain would be clear signs that the trustee is no longer in charge.
99% of the time if a hard-fork is required to correct the problem, there will only be a single hard fork and a leader will step up to champion the cause. The market will follow the chain with the most support.
Market is decentralization.
-
What if there were two keys?
Private Key 1 lets you use your balance for forging/processing.
Private key 2 lets you spend the funds.
Private Key 1 can be altered with Private Key 2 making the previous one obsolete.
I don't forge with NXT and support the network because I'm worried about my private key being compromised/hacked if I type it into my computer all the time. But using the above approach (Is it technically possible?) I would be happy to support the network because if my computer was hacked they'd only be able to compromise my processing ability which I'd be able to change back to my control with private key 2 once I noticed someone else was forging my account.
(I'm pretty sure the community would sacrifice cost and efficiency for the sake of a decentralised solution.)
-
In bitcoin land, the mining pools are 'delegates' which then direct the voting power of the masses to rapidly resolve forks. Shareholders should delegate their power in similar ways.
Imo, the mining pools are not 'delegates' directing the voting power of the masses, they are the result of the single biggest unintended major Bitcoin design flaw which allowed hashers to point their power to pools and still earn Bitcoins. That centralisation of power is one of the biggest risks to the future of Bitcoin.
This risk was demonstrated when 1. Ghash.io was used for double spending & 2. Their hashing power grew 15% in the following two months after the incident because enough voting masses (hashers) were obviously only concerned with their short term profitability.
Humans are greedy. Humans when acting as a group almost always choose short term pleasure over long term pain.
I'm pretty sure that any company with a future in this space has to be centred around trusting in maths more than in humans (Whether as voters or leaders) and doing it as decentralised way as possible so that is extremely hard to game or shut down.
-
you!
-
Greetings Bitshares community, I'm a longtime lurker, first time poster.
I have to agree with Dan on this simply for the fact that the bitcoin centralization argument has thus far been nullified in practice, by the realization that the central mining power has little financial incentive to double spend because it will drive down the price of its stake. Yet countless hours have been spent debating this. According to the current market cap of BTC, some amount of centralization works in a real world crypto. If Sato had held back the launch of bitcoin because it was not perfectly 100% decentralized, then many of us would still have our wealth stored in the bank of Cyprus.
If you could quantify and compare the actual real world decentralization flaw risk models between bitcoin and bitshares (with the trustee system), what is the quantitative result? Are we more or less at risk to attack than bitcoin? That is the only question potential investors will have about this since they are simply comparing BTS to the current BTC benchmark, and not some theoretical 100% decentralized, 100% secure Bank of Star Trek crypto yet to be invented.
If this trustee system is at least as secure as centralized ASIC BTC, then we should implement this ASAP. We are not trying to be perfect; we are trying to beat bitcoin. Who is the top crypto out there? Ripple? Can you put a Ripple private key in cold storage? Ethereum? When? In the third quarter? MSC? XCP? Maybe if the bitcoin central authority modifies the code to assist them. NXT? PPC? If you want your private keys exposed.
Yes, all of us have high hopes, and yes, of course a perfectly decentralized model is the ultimate goal of Dan’s DACs. However, the more tangible, and realistic goal which Dan is trying to achieve here is simply a better bitcoin model where the risk imposed by the central authority is simply less.
The Bit-“share” meme conjures up an owner participation alternative to bitcoin, much like Memory Coin, FTC, DOGE, etc. One where the active community of responsible stakeholders is operating like an ant colony under the major incentive which is to ensure a robust system. As with most investments, you cannot simply buy and hold, but must perform due diligence on occasion, and the added effort we must apply because of this trustee model can be considered the necessary due diligence that we must do to ensure the robustness of the system.
We all want our coins sit in cold storage forever and reap mad rewards. This is not Mike Judge’s Idiocracy just yet; today’s investors must still apply effort on occasion. You will still need to move your BTS annually or be penalized with a 5% laziness hit, so vote your shares when you do that. It’s ok to strive for perfection, and maybe Dan will be the first to launch it, but right now, I will settle for being “better than bitcoin”.
Let's help him design the “best” trustee structure, or else that will be the first part of BTS that gets changed in the first “Lightshares” fork. In fact, by opening this to discussion, Dan has just tipped his hand revealing to his competitors what an incredible shortcut in the BTS development process this could be, and that if utilized in the way Dan envisions, would let our competitors get a working “better than bitcoin” product to the market before our perfectly decentralized BTS is launched.
Time is money, and Dan’s time is cutting edge crypto. He possess the vision of Tesla (Ethereum) who was designing a free energy wire around the planet, with the practicality of Edison (BTC), who worked to make the average human’s life easier today. Furthermore, Dan is asking (not telling) us where he should spend his time. Please feel grateful he doesn’t abandon this project all together to go do whatever he wants. He certainly seems capable of that to me. I vote for launch imperfection like Edison, and let Vatalik go insane struggling for perfection if and only if the BTS trustee system is arguably at least as secure as BTC. If it is not as secure, then we must debate the pros and cons.
In short, the main questions crypto investors care about today is this: Where can I get the security of blockchain cold storage at the lowest security cost relative to bitcoin? As soon as that answer is bitshares, then launch it. If I understand Dan correctly, I believe that is what he is saying here. My apologies if I’m wrong.
This seems like we are at a critical fork in the road to the successful BTS launch. A fork that our competitors will be the first to exploit by offering countless alternatives to.
I’ve been lurking here for 5 months without a peep. Why? Simply because I see that the man actually reads these posts. What is five minutes of Dan’s time worth to us?
holy shit... +5%
-
I have to agree with Dan on this simply for the fact that the bitcoin centralization argument has thus far been nullified in practice, by the realization that the central mining power has little financial incentive to double spend because it will drive down the price of its stake.
Time is money, and Dan’s time is cutting edge crypto. He possess the vision of Tesla (Ethereum) who was designing a free energy wire around the planet, with the practicality of Edison (BTC).
1. I don't think we can know how much of the centralisation risk is priced into Bitcoin. I personally decreased my stake by about 40% once I'd analysed it.
Ghash.io for example is owned by who? At 40% plus some unknown hashing power they had a kill switch for Bitcoin they could flip at the most opportune moment. That is worth a lot more than $6 billion to TPTB. Even now, I have to factor a probability that in the event of a major financial event TPTB can decimate Bitcoin by getting to a handful of pool owners.
2. No doubt, the guy's a genius, but with practicality too as you said. I bitch but Bitshares is my biggest investment outside BTC, even though I don't always understand everything from a technical perspective, the quality of his insights into areas I do understand better is astounding & inspiring.
Edit: What's the advantage of holding funds in Bitshares using the trustee model vs. distributing them through a few well known Bitcoin exchanges that have provable BTC reserves & good contingency plans for raids/shut-downs?
-
.dac and Toast both have some great points here. My personal inclination is allowing multisig 1/n POS delegation, but clearly Dan has put a lot more thought into this than I have, so I would encourage him to do as he thinks is best...
-
Greetings Bitshares community, I'm a longtime lurker, first time poster.
This seems like we are at a critical fork in the road to the successful BTS launch. A fork that our competitors will be the first to exploit by offering countless alternatives to.
I’ve been lurking here for 5 months without a peep. Why? Simply because I see that the man actually reads these posts. What is five minutes of Dan’s time worth to us?
+5%
Dan, do whatever you think is the best to the successful BTS launch... you have the best judgement for what we can achieve
-
Greetings Bitshares community, I'm a longtime lurker, first time poster.
I have to agree with Dan on this simply for the fact that the bitcoin centralization argument has thus far been nullified in practice, by the realization that the central mining power has little financial incentive to double spend because it will drive down the price of its stake. Yet countless hours have been spent debating this. According to the current market cap of BTC, some amount of centralization works in a real world crypto. If Sato had held back the launch of bitcoin because it was not perfectly 100% decentralized, then many of us would still have our wealth stored in the bank of Cyprus.
If you could quantify and compare the actual real world decentralization flaw risk models between bitcoin and bitshares (with the trustee system), what is the quantitative result? Are we more or less at risk to attack than bitcoin? That is the only question potential investors will have about this since they are simply comparing BTS to the current BTC benchmark, and not some theoretical 100% decentralized, 100% secure Bank of Star Trek crypto yet to be invented.
If this trustee system is at least as secure as centralized ASIC BTC, then we should implement this ASAP. We are not trying to be perfect; we are trying to beat bitcoin. Who is the top crypto out there? Ripple? Can you put a Ripple private key in cold storage? Ethereum? When? In the third quarter? MSC? XCP? Maybe if the bitcoin central authority modifies the code to assist them. NXT? PPC? If you want your private keys exposed.
Yes, all of us have high hopes, and yes, of course a perfectly decentralized model is the ultimate goal of Dan’s DACs. However, the more tangible, and realistic goal which Dan is trying to achieve here is simply a better bitcoin model where the risk imposed by the central authority is simply less.
The Bit-“share” meme conjures up an owner participation alternative to bitcoin, much like Memory Coin, FTC, DOGE, etc. One where the active community of responsible stakeholders is operating like an ant colony under the major incentive which is to ensure a robust system. As with most investments, you cannot simply buy and hold, but must perform due diligence on occasion, and the added effort we must apply because of this trustee model can be considered the necessary due diligence that we must do to ensure the robustness of the system.
We all want our coins sit in cold storage forever and reap mad rewards. This is not Mike Judge’s Idiocracy just yet; today’s investors must still apply effort on occasion. You will still need to move your BTS annually or be penalized with a 5% laziness hit, so vote your shares when you do that. It’s ok to strive for perfection, and maybe Dan will be the first to launch it, but right now, I will settle for being “better than bitcoin”.
Let's help him design the “best” trustee structure, or else that will be the first part of BTS that gets changed in the first “Lightshares” fork. In fact, by opening this to discussion, Dan has just tipped his hand revealing to his competitors what an incredible shortcut in the BTS development process this could be, and that if utilized in the way Dan envisions, would let our competitors get a working “better than bitcoin” product to the market before our perfectly decentralized BTS is launched.
Time is money, and Dan’s time is cutting edge crypto. He possess the vision of Tesla (Ethereum) who was designing a free energy wire around the planet, with the practicality of Edison (BTC), who worked to make the average human’s life easier today. Furthermore, Dan is asking (not telling) us where he should spend his time. Please feel grateful he doesn’t abandon this project all together to go do whatever he wants. He certainly seems capable of that to me. I vote for launch imperfection like Edison, and let Vatalik go insane struggling for perfection if and only if the BTS trustee system is arguably at least as secure as BTC. If it is not as secure, then we must debate the pros and cons.
In short, the main questions crypto investors care about today is this: Where can I get the security of blockchain cold storage at the lowest security cost relative to bitcoin? As soon as that answer is bitshares, then launch it. If I understand Dan correctly, I believe that is what he is saying here. My apologies if I’m wrong.
This seems like we are at a critical fork in the road to the successful BTS launch. A fork that our competitors will be the first to exploit by offering countless alternatives to.
I’ve been lurking here for 5 months without a peep. Why? Simply because I see that the man actually reads these posts. What is five minutes of Dan’s time worth to us?
holy shit... +5%
Thanks for signing up and posting! Your feed back and support is appreciated. I think the biggest problem with the trustee approach isn't technical, but pure marketing. There needs to be a clear and concise way to address the FUD that such an approach would be sure to draw.
Simply stating 'better than bitcoin' and 'better than ripple' may be good enough. Perhaps a focus on UTILITY... which system provides the most value to the users? I think we can then classify the value equation as:
VALUE = UTILITY * RISK
With the systems we are building we want to grow UTILITY faster than RISK. If RISK is already very low and you can double UTILITY by sacrificing something far out on the risk curve then the overall VALUE of the system goes up. People don't value bitcoin because it is decentralized... they value it because of what it can do for them.
In most cases the alternatives to the trustee system seem to trade one RISK for another RISK at the cost of much UTILITY. With a solid, responsible, well distributed trustee with backup plans in place the network can gain a lot of VALUE from the UTILITY provided by the TRUST.
Of course UTILITY and RISK are both values that are in the eye of the beholder. For this reason I am convinced that each DAC needs to have two parallel chains one that uses the trustee and one that uses some other system. The market will quickly determine the value of the trustee over the more decentralized approach. If governments start attacking the trustee in a way that the trustee cannot defend against, then the relative value of the two systems will shift.
-
Dan, I support you +5% +5%
-
Greetings Bitshares community, I'm a longtime lurker, first time poster.
I have to agree with Dan on this simply for the fact that the bitcoin centralization argument has thus far been nullified in practice, by the realization that the central mining power has little financial incentive to double spend because it will drive down the price of its stake. Yet countless hours have been spent debating this. According to the current market cap of BTC, some amount of centralization works in a real world crypto. If Sato had held back the launch of bitcoin because it was not perfectly 100% decentralized, then many of us would still have our wealth stored in the bank of Cyprus.
If you could quantify and compare the actual real world decentralization flaw risk models between bitcoin and bitshares (with the trustee system), what is the quantitative result? Are we more or less at risk to attack than bitcoin? That is the only question potential investors will have about this since they are simply comparing BTS to the current BTC benchmark, and not some theoretical 100% decentralized, 100% secure Bank of Star Trek crypto yet to be invented.
If this trustee system is at least as secure as centralized ASIC BTC, then we should implement this ASAP. We are not trying to be perfect; we are trying to beat bitcoin. Who is the top crypto out there? Ripple? Can you put a Ripple private key in cold storage? Ethereum? When? In the third quarter? MSC? XCP? Maybe if the bitcoin central authority modifies the code to assist them. NXT? PPC? If you want your private keys exposed.
Yes, all of us have high hopes, and yes, of course a perfectly decentralized model is the ultimate goal of Dan’s DACs. However, the more tangible, and realistic goal which Dan is trying to achieve here is simply a better bitcoin model where the risk imposed by the central authority is simply less.
The Bit-“share” meme conjures up an owner participation alternative to bitcoin, much like Memory Coin, FTC, DOGE, etc. One where the active community of responsible stakeholders is operating like an ant colony under the major incentive which is to ensure a robust system. As with most investments, you cannot simply buy and hold, but must perform due diligence on occasion, and the added effort we must apply because of this trustee model can be considered the necessary due diligence that we must do to ensure the robustness of the system.
We all want our coins sit in cold storage forever and reap mad rewards. This is not Mike Judge’s Idiocracy just yet; today’s investors must still apply effort on occasion. You will still need to move your BTS annually or be penalized with a 5% laziness hit, so vote your shares when you do that. It’s ok to strive for perfection, and maybe Dan will be the first to launch it, but right now, I will settle for being “better than bitcoin”.
Let's help him design the “best” trustee structure, or else that will be the first part of BTS that gets changed in the first “Lightshares” fork. In fact, by opening this to discussion, Dan has just tipped his hand revealing to his competitors what an incredible shortcut in the BTS development process this could be, and that if utilized in the way Dan envisions, would let our competitors get a working “better than bitcoin” product to the market before our perfectly decentralized BTS is launched.
Time is money, and Dan’s time is cutting edge crypto. He possess the vision of Tesla (Ethereum) who was designing a free energy wire around the planet, with the practicality of Edison (BTC), who worked to make the average human’s life easier today. Furthermore, Dan is asking (not telling) us where he should spend his time. Please feel grateful he doesn’t abandon this project all together to go do whatever he wants. He certainly seems capable of that to me. I vote for launch imperfection like Edison, and let Vatalik go insane struggling for perfection if and only if the BTS trustee system is arguably at least as secure as BTC. If it is not as secure, then we must debate the pros and cons.
In short, the main questions crypto investors care about today is this: Where can I get the security of blockchain cold storage at the lowest security cost relative to bitcoin? As soon as that answer is bitshares, then launch it. If I understand Dan correctly, I believe that is what he is saying here. My apologies if I’m wrong.
This seems like we are at a critical fork in the road to the successful BTS launch. A fork that our competitors will be the first to exploit by offering countless alternatives to.
I’ve been lurking here for 5 months without a peep. Why? Simply because I see that the man actually reads these posts. What is five minutes of Dan’s time worth to us?
holy shit... +5%
Thanks for signing up and posting! Your feed back and support is appreciated. I think the biggest problem with the trustee approach isn't technical, but pure marketing. There needs to be a clear and concise way to address the FUD that such an approach would be sure to draw.
Simply stating 'better than bitcoin' and 'better than ripple' may be good enough. Perhaps a focus on UTILITY... which system provides the most value to the users? I think we can then classify the value equation as:
VALUE = UTILITY * RISK
With the systems we are building we want to grow UTILITY faster than RISK. If RISK is already very low and you can double UTILITY by sacrificing something far out on the risk curve then the overall VALUE of the system goes up. People don't value bitcoin because it is decentralized... they value it because of what it can do for them.
In most cases the alternatives to the trustee system seem to trade one RISK for another RISK at the cost of much UTILITY. With a solid, responsible, well distributed trustee with backup plans in place the network can gain a lot of VALUE from the UTILITY provided by the TRUST.
Of course UTILITY and RISK are both values that are in the eye of the beholder. For this reason I am convinced that each DAC needs to have two parallel chains one that uses the trustee and one that uses some other system. The market will quickly determine the value of the trustee over the more decentralized approach. If governments start attacking the trustee in a way that the trustee cannot defend against, then the relative value of the two systems will shift.
(http://nicktumminello.com/wp-content/uploads/2014/02/Choose-Wisely.jpg)
Don't think for one second that someone wont take your open source work and release the alternative to whatever route you choose.
-
(http://potatows.com/gifs/both.gif)
-
Greetings Bitshares community, I'm a longtime lurker, first time poster.
I have to agree with Dan on this simply for the fact that the bitcoin centralization argument has thus far been nullified in practice, by the realization that the central mining power has little financial incentive to double spend because it will drive down the price of its stake. Yet countless hours have been spent debating this. According to the current market cap of BTC, some amount of centralization works in a real world crypto. If Sato had held back the launch of bitcoin because it was not perfectly 100% decentralized, then many of us would still have our wealth stored in the bank of Cyprus.
If you could quantify and compare the actual real world decentralization flaw risk models between bitcoin and bitshares (with the trustee system), what is the quantitative result? Are we more or less at risk to attack than bitcoin? That is the only question potential investors will have about this since they are simply comparing BTS to the current BTC benchmark, and not some theoretical 100% decentralized, 100% secure Bank of Star Trek crypto yet to be invented.
If this trustee system is at least as secure as centralized ASIC BTC, then we should implement this ASAP. We are not trying to be perfect; we are trying to beat bitcoin. Who is the top crypto out there? Ripple? Can you put a Ripple private key in cold storage? Ethereum? When? In the third quarter? MSC? XCP? Maybe if the bitcoin central authority modifies the code to assist them. NXT? PPC? If you want your private keys exposed.
Yes, all of us have high hopes, and yes, of course a perfectly decentralized model is the ultimate goal of Dan’s DACs. However, the more tangible, and realistic goal which Dan is trying to achieve here is simply a better bitcoin model where the risk imposed by the central authority is simply less.
The Bit-“share” meme conjures up an owner participation alternative to bitcoin, much like Memory Coin, FTC, DOGE, etc. One where the active community of responsible stakeholders is operating like an ant colony under the major incentive which is to ensure a robust system. As with most investments, you cannot simply buy and hold, but must perform due diligence on occasion, and the added effort we must apply because of this trustee model can be considered the necessary due diligence that we must do to ensure the robustness of the system.
We all want our coins sit in cold storage forever and reap mad rewards. This is not Mike Judge’s Idiocracy just yet; today’s investors must still apply effort on occasion. You will still need to move your BTS annually or be penalized with a 5% laziness hit, so vote your shares when you do that. It’s ok to strive for perfection, and maybe Dan will be the first to launch it, but right now, I will settle for being “better than bitcoin”.
Let's help him design the “best” trustee structure, or else that will be the first part of BTS that gets changed in the first “Lightshares” fork. In fact, by opening this to discussion, Dan has just tipped his hand revealing to his competitors what an incredible shortcut in the BTS development process this could be, and that if utilized in the way Dan envisions, would let our competitors get a working “better than bitcoin” product to the market before our perfectly decentralized BTS is launched.
Time is money, and Dan’s time is cutting edge crypto. He possess the vision of Tesla (Ethereum) who was designing a free energy wire around the planet, with the practicality of Edison (BTC), who worked to make the average human’s life easier today. Furthermore, Dan is asking (not telling) us where he should spend his time. Please feel grateful he doesn’t abandon this project all together to go do whatever he wants. He certainly seems capable of that to me. I vote for launch imperfection like Edison, and let Vatalik go insane struggling for perfection if and only if the BTS trustee system is arguably at least as secure as BTC. If it is not as secure, then we must debate the pros and cons.
In short, the main questions crypto investors care about today is this: Where can I get the security of blockchain cold storage at the lowest security cost relative to bitcoin? As soon as that answer is bitshares, then launch it. If I understand Dan correctly, I believe that is what he is saying here. My apologies if I’m wrong.
This seems like we are at a critical fork in the road to the successful BTS launch. A fork that our competitors will be the first to exploit by offering countless alternatives to.
I’ve been lurking here for 5 months without a peep. Why? Simply because I see that the man actually reads these posts. What is five minutes of Dan’s time worth to us?
+5%
Whoa... you should probably contribute more often.
I'm sold
Maybe using .dac's post will convince everyone, I really like this post.
-
(http://potatows.com/gifs/both.gif)
Would you please give a brief indication of the implications of using both. Would you be releasing two versions of of each DAC at the same time, and PTS/AGS holders would get at least 10% in each version, and must run two blockchains simultaneously for every DAC?
-
(http://potatows.com/gifs/both.gif)
Would you please give a brief indication of the implications of using both. Would you be releasing two versions of of each DAC at the same time, and PTS/AGS holders would get at least 10% in each version, and must run two blockchains simultaneously for every DAC?
I would release the one I think is best, competitors would probably fork it and still honor AGS/PTS. Remember we can fork them if they don't ;). If they produce a better product / solution then I will adopt it for future DACs. My goal is most value, best results. Competition makes us all stronger and I welcome it.
-
I want to thank everyone for their feedback so lets address some things:
1) Delegation of your stake is the way most people will prefer to operate. Lets assume that any successful design will depend upon this delegation of votes to 'voting keys' which are independent of 'spending keys'.
2) A single Trustee can periodically abuse their power in 'politically acceptable ways'.... I can see them blocking any transaction attempting to spend funds stolen by the FBI without generating enough uproar to vote them out of office. In effect, the trustee has defacto power to freeze funds of minorities so long as it was politically acceptable of the majority. This is a potential problem, but one that is solved by competition.
3) If viewed as companies, each company is competing in the market and the value of its shares will be based upon how secure their network is and how 'fair' it is. A network run by someone who refused to play politics would gain value much like low-regulation economic regions.
4) There are many ways to select such a trustee and the result of market competition and eliminating barriers to entry would be the best form of decentralization.
Lets think in terms of 'value to customer' vs 'risk to customer' and what is the customer willing to pay?
Lets also realize that this particular problem is very hard and that the *real answer* is to have many competing systems and let the market sort it out. Given the goal of competing systems, it is hard to compete with something when all you have is nothing. So proving the business models work (BTS X anyone?) and then committing to improve DACs is the way to go. I could see the trustee working to decentralize his block production process via Ripple Consensus. I could see voting systems set up.
In bitcoin land, the mining pools are 'delegates' which then direct the voting power of the masses to rapidly resolve forks. Shareholders should delegate their power in similar ways. So long as it is easy to change and unambiguous we would have a solid system. This delegation could even occur on the block chain itself. If it happened on the blockchain the trustee could block votes for anyone else, but this type of hostile takeover is the grounds upon which a fork will be started with a new trustee. Subverting the 'democratic' process supported by the chain would be clear signs that the trustee is no longer in charge.
99% of the time if a hard-fork is required to correct the problem, there will only be a single hard fork and a leader will step up to champion the cause. The market will follow the chain with the most support.
Market is decentralization.
This is a lot more palatable than before. Inclusion of mining pools is a good move. If it's a democratic process and is as decentralized as possible, and if there is a legitimate reason which you can explain for having a trustee then I can get behind the idea.
I think the difficult part isn't to get people on this forum behind the idea though. You're going to have to make a compelling case for this because this is the sort of alien thinking that will be beyond most people conceptually.
Just as Stan had to write articles about what a DAC is, you're going to have to describe this trustee system using a metaphor which people can make sense of. My understanding of the idea is that the trustee is the primary DAC operator. The roles have to be set and the limited power of the trustee must be made explicit.
You will probably need an entire article just on the trustee, their role, why the trustee is a necessary evil, and have some numbers to prove it's actually better for performance, security, and so on. If you have statistics which back the case and the concepts are explained then the most knowledgeable will get it and over time it can be explained deeper in videos, interviews, and more.
I think in the initial article you're going to have to make it very visual. An info graphic may be necessary to accompany this initial article. We need to see at a glance what shape the network will look like, what the roles are, in visual form, and then make the case in the article.
See how that is received in my opinion. I think it's risky to do this but if the rewards are great and reasoning made clear a lot of people in the decentralization community are risk takers and open to experimentation.
-
Trustee is one people or one team?
I think one team is good.Such as,whoever has 10000bts then is the member of the team.
If forked ,then ,the team can make a vote in keyhotee or anywhere.
-
One additional point. If it were possible to design the BTX DAC so that the trustee mechanisms are scriptable this could allow for people the freedom of expression to try many different organizational models. Trial and error lead to algorithmic optimization over time but you need enough flexibility and ease for different DACs to try many different models.
So I would say if possible add a scripting layer to this so that for example the amount of power a trustee has is something which can be voted on, revoked, with a very fine level of granularity. The fear is that the community might not be able to keep track of the source code and the trustee could somehow become a dictator.
If we want the trustee to be able to act in a way which is in the best interest of the majority of shareholders but the trustee does not have the explicit power to do so, perhaps this would be an area for a script to create a sort of digital contract which gives the trustee certain privileges. The principle of least privilege can be followed so the trustee never has any more privileges than is necessary, but voting or some other mechanism such as a prediction market has to allow for feedback.
-
One additional point. If it were possible to design the BTX DAC so that the trustee mechanisms are scriptable this could allow for people the freedom of expression to try many different organizational models. Trial and error lead to algorithmic optimization over time but you need enough flexibility and ease for different DACs to try many different models.
So I would say if possible add a scripting layer to this so that for example the amount of power a trustee has is something which can be voted on, revoked, with a very fine level of granularity. The fear is that the community might not be able to keep track of the source code and the trustee could somehow become a dictator.
If we want the trustee to be able to act in a way which is in the best interest of the majority of shareholders but the trustee does not have the explicit power to do so, perhaps this would be an area for a script to create a sort of digital contract which gives the trustee certain privileges. The principle of least privilege can be followed so the trustee never has any more privileges than is necessary, but voting or some other mechanism such as a prediction market has to allow for feedback.
Ideally the trustee and the maintainer of the source are two different individuals. Like bitcoin every update to the source has the potential for a hard fork of the network. Remember, people don't just 'trust' the trustee on the validity of the block. They verify every block follows the rules and the first time the trustee produces an invalid block the user's client is notified that one of two things has happened:
1) They have not updated and the trustee went down a hard fork without also maintaining the old fork.
2) The trustee is bad and is using non-standard code that violates the rules... a new trustee is needed.
In either case the user knows immediately that they need to take some action.
-
I don't think centralization is a good idea.
The cryptocurrency grave yard is littered with centralized schemes. Make no mistake that there is enough pressure already IMO on I3 to be indicted for securities violations, whether that is the case will be up to a court to decide. You have taken steps to stop the regulators from stopping your work, but they can arrest you and accuse you at any time. They know they have a better than 80% chance to get a conviction at trial, just because of the psychology of an authority saying you did something wrong. I can deal with that element of centralization, but just barely.
I think that any trustee that reveals their identity and lives in a country with strong financial regulations, such as the US, will go to jail for operating with out a license, selling securities with out a license, conspiracy to commit security fraud, money transmission without a licence, running a money services business without a license, the litany of charges will go on forever in some cases.
This will basically only leave trustees in countries where regulations are lax to operate the trustee scheme. This type of system will ensure that wall street and most of main street will not participate. This is bad for my and others' investment in PTS,AGS, and BTS. I will not participate in such a scheme, I believe the only reason that Bitcoin is any different than any prior is because of the blockchain decentralization invention. You are literally taking the greatest invention of the century and throwing it out the window for centralized control. Make no mistake you are taking a step backward.
If you are serious about this thing you have created, you would spend the time to do it right. Satoshi took years crafting his system, you can't take a few extra months?
-
several questions are not clear from the discussions:
1) what is the process to vote for a trustee, how many candidates will we have and how long will the election take?
2) how to fire a trustee? Is a hard fork absolutely required for adopting a new trustee?
3) is the trustee server also open source? how can we be sure if it is actually running that code? how can we validate that the process that the trustee follows to select the next block is actually fair?
-
So who has better security BTS or BTC?
Who cares. Neither have been compromised nor have exhibited any clear incentive for anyone to do so.
WTH are you talking about, you can't compare the two in security. BTS doesn't exist, the amount of people who have actually run any test transactions are in the 10's or 100's. You simply cannot compare a system that has 5 years of proof with one that is in an alpha state. Handing over control to people is going to have consequences. Your never going to convince real people in finance that it is in there best interest to invest in some complicated scheme, consisting of PTS/AGS, DACs, and Chains, and that has some anonymous guy in charge of the money and trading. Do this and wallstreet will dump millions into Etherium or some other technology.
Don't talk ripple up, it has no volume and is a complete premine.
-
I don't think centralization is a good idea.
The cryptocurrency grave yard is littered with centralized schemes. Make no mistake that there is enough pressure already IMO on I3 to be indicted for securities violations, whether that is the case will be up to a court to decide. You have taken steps to stop the regulators from stopping your work, but they can arrest you and accuse you at any time. They know they have a better than 80% chance to get a conviction at trial, just because of the psychology of an authority saying you did something wrong. I can deal with that element of centralization, but just barely.
I think that any trustee that reveals their identity and lives in a country with strong financial regulations, such as the US, will go to jail for operating with out a license, selling securities with out a license, conspiracy to commit security fraud, money transmission without a licence, running a money services business without a license, the litany of charges will go on forever in some cases.
This will basically only leave trustees in countries where regulations are lax to operate the trustee scheme. This type of system will ensure that wall street and most of main street will not participate. This is bad for my and others' investment in PTS,AGS, and BTS. I will not participate in such a scheme, I believe the only reason that Bitcoin is any different than any prior is because of the blockchain decentralization invention. You are literally taking the greatest invention of the century and throwing it out the window for centralized control. Make no mistake you are taking a step backward.
If you are serious about this thing you have created, you would spend the time to do it right. Satoshi took years crafting his system, you can't take a few extra months?
This is something which could happen but how likely is it to happen? Bitshares aren't securities anymore than objects in WoW are securities. That isn't to say there wont be regulation, but if they were to target that it would be seen as petty. It's similar to gambling sites.
-
1) All of the random selection techniques discussed here (and with Nxt) depend upon people putting their private keys at risk. So rather than trusting a trustee, everyone has to trust their computer not to get hacked.
Why not having a separate private key for staking and a separate private key for spending? Then hacking will be a no issue: even if somebody knows my staking private key he's still not able to spend the transactions.
-
I don't think centralization is a good idea.
The cryptocurrency grave yard is littered with centralized schemes. Make no mistake that there is enough pressure already IMO on I3 to be indicted for securities violations, whether that is the case will be up to a court to decide. You have taken steps to stop the regulators from stopping your work, but they can arrest you and accuse you at any time. They know they have a better than 80% chance to get a conviction at trial, just because of the psychology of an authority saying you did something wrong. I can deal with that element of centralization, but just barely.
I think that any trustee that reveals their identity and lives in a country with strong financial regulations, such as the US, will go to jail for operating with out a license, selling securities with out a license, conspiracy to commit security fraud, money transmission without a licence, running a money services business without a license, the litany of charges will go on forever in some cases.
This will basically only leave trustees in countries where regulations are lax to operate the trustee scheme. This type of system will ensure that wall street and most of main street will not participate. This is bad for my and others' investment in PTS,AGS, and BTS. I will not participate in such a scheme, I believe the only reason that Bitcoin is any different than any prior is because of the blockchain decentralization invention. You are literally taking the greatest invention of the century and throwing it out the window for centralized control. Make no mistake you are taking a step backward.
If you are serious about this thing you have created, you would spend the time to do it right. Satoshi took years crafting his system, you can't take a few extra months?
This is something which could happen but how likely is it to happen? Bitshares aren't securities anymore than objects in WoW are securities. That isn't to say there wont be regulation, but if they were to target that it would be seen as petty. It's similar to gambling sites.
From wiki:
A security is a tradable asset of any kind.[1] Securities are broadly categorized into:
debt securities (such as banknotes, bonds and debentures),
equity securities, e.g., common stocks; and,
derivative contracts, such as forwards, futures, options and swaps.
The company or other entity issuing the security is called the issuer.
Your selling a derivative, your calling it bitUSD, bitEUR, bitBTC, it's a security to the SEC. The SEC will try to enforce this, they have no desire to see this project come to pass. The more decentralized the better. It is in the best interest of the project to consider the issue. The only reason that the SEC has not cracked down on Bitcoin is because it stands by it self in a category not classified here as it is completely decentralized. Even then I'm sure they will try to say now it is a security.
Bitshares on the other hand, is using "marketing terms" such as the word "shares" and "Exchange" which imply a security, its trading consists of elements directly in conflict with the above definition, that being debt security in the form of bitUSD and it sells derivative contracts on those debt securities.
The best way to deal with the SEC is to assume they will take the least favorable side you can imagine. They often do.
-
I don't think centralization is a good idea.
The cryptocurrency grave yard is littered with centralized schemes. Make no mistake that there is enough pressure already IMO on I3 to be indicted for securities violations, whether that is the case will be up to a court to decide. You have taken steps to stop the regulators from stopping your work, but they can arrest you and accuse you at any time. They know they have a better than 80% chance to get a conviction at trial, just because of the psychology of an authority saying you did something wrong. I can deal with that element of centralization, but just barely.
I think that any trustee that reveals their identity and lives in a country with strong financial regulations, such as the US, will go to jail for operating with out a license, selling securities with out a license, conspiracy to commit security fraud, money transmission without a licence, running a money services business without a license, the litany of charges will go on forever in some cases.
This will basically only leave trustees in countries where regulations are lax to operate the trustee scheme. This type of system will ensure that wall street and most of main street will not participate. This is bad for my and others' investment in PTS,AGS, and BTS. I will not participate in such a scheme, I believe the only reason that Bitcoin is any different than any prior is because of the blockchain decentralization invention. You are literally taking the greatest invention of the century and throwing it out the window for centralized control. Make no mistake you are taking a step backward.
If you are serious about this thing you have created, you would spend the time to do it right. Satoshi took years crafting his system, you can't take a few extra months?
This is something which could happen but how likely is it to happen? Bitshares aren't securities anymore than objects in WoW are securities. That isn't to say there wont be regulation, but if they were to target that it would be seen as petty. It's similar to gambling sites.
From wiki:
A security is a tradable asset of any kind.[1] Securities are broadly categorized into:
debt securities (such as banknotes, bonds and debentures),
equity securities, e.g., common stocks; and,
derivative contracts, such as forwards, futures, options and swaps.
The company or other entity issuing the security is called the issuer.
Your selling a derivative, your calling it bitUSD, bitEUR, bitBTC, it's a security to the SEC. The SEC will try to enforce this, they have no desire to see this project come to pass. The more decentralized the better. It is in the best interest of the project to consider the issue. The only reason that the SEC has not cracked down on Bitcoin is because it stands by it self in a category not classified here.
Bitshares on the other hand, is using "marketing terms" such as the word "shares" and "Exchange" which imply a security, its trading consists of elements directly in conflict with the above definition, that being debt security in the form of bitUSD and it sells derivative contracts on those debt securities.
The best way to deal with the SEC is to assume they will take the least favorable side you can imagine. They often do.
BitUSD isn't an actual derivative. It's not any more a derivative than a poker chip is a derivative. How is it that poker chips are consider poker chips but BitUSD is considered a derivative? And if both are digital, and no contracts are used to guarantee it, I don't see where the SEC or the law has any say in something which is entirely virtual.
If a legal contract is written or if someone tries to redeem BitUSD for real USD then you might have a point. BitUSD isn't USD in anything other than name though. It's not an actual contract.
I'm not a lawyer, I'm just giving my interpretation.
"The SEC will try to enforce this, they have no desire to see this project come to pass."
If Bitcoin is not a currency, and if Bitcoin is not a stock, what gives the SEC any authority over it? It's digital property from what the IRS says. If Bitshares isn't an actual stock backed by an actual company then what business does the SEC have in this space?
Is the SEC going after Second Life next? How much authority do they have? Will they go after people using poker chips and monopoly money too? I'm not saying they cannot interpret the law in a way to try and stretch their power, I'm making a point that it's wrong for them to do it.
They are the securities and exchange commission while Bitshares is more like a gambling program that people run to bet on stuff. It's not real money and the only way I could see them making it into something real would be if it centralized around Invictus. Invictus actually was a corporation so that is one area they might try to use.
You've highlighted a legitimate problem with the trustee scheme though. It will make regulators want to find the trustee and go after whoever is in that position and that is why I said it was a risk to be the trustee.
If there must be a trustee in my opinion the best way to do it is to put a public face on Bitshares and let someone be a public trustee. No anonymous trustee, no hiding, no trying to be sneaky, all of that will attract regulators like a magnet. If the trustee is public and willing to go to jail or court to defend Bitshares that actually would look better politically.
I don't think people in the United States would like to see innocent people being put in jail for inventing new technologies. If the United States is willing to do that then it may change the culture of Silicon Valley.
"BTCST, formerly known as First Pirate Savings & Trust, is an unincorporated
entity with no brick and mortar presence. The BTCST investments Defendants offered and sold to the investing public as alleged herein constitute “securities” as defined by Section 2(a)(1) of the Securities Act [15 U.S.C. § 77b(a)(1)] and Section 3(a)(10) of the Exchange Act [15 U.S.C. § "
"Any investment in securities in the United states remains subject to the jurisdiction of the SEC regardless of whether the investment is made in U.S. dollars or a virtual currency. In particular, individuals selling investments are typically subject to federal or state licensing requirements."
https://www.sec.gov/litigation/complaints/2013/comp-pr2013-132.pdf
-
I don't think centralization is a good idea.
The cryptocurrency grave yard is littered with centralized schemes. Make no mistake that there is enough pressure already IMO on I3 to be indicted for securities violations, whether that is the case will be up to a court to decide. You have taken steps to stop the regulators from stopping your work, but they can arrest you and accuse you at any time. They know they have a better than 80% chance to get a conviction at trial, just because of the psychology of an authority saying you did something wrong. I can deal with that element of centralization, but just barely.
I think that any trustee that reveals their identity and lives in a country with strong financial regulations, such as the US, will go to jail for operating with out a license, selling securities with out a license, conspiracy to commit security fraud, money transmission without a licence, running a money services business without a license, the litany of charges will go on forever in some cases.
This will basically only leave trustees in countries where regulations are lax to operate the trustee scheme. This type of system will ensure that wall street and most of main street will not participate. This is bad for my and others' investment in PTS,AGS, and BTS. I will not participate in such a scheme, I believe the only reason that Bitcoin is any different than any prior is because of the blockchain decentralization invention. You are literally taking the greatest invention of the century and throwing it out the window for centralized control. Make no mistake you are taking a step backward.
If you are serious about this thing you have created, you would spend the time to do it right. Satoshi took years crafting his system, you can't take a few extra months?
This is something which could happen but how likely is it to happen? Bitshares aren't securities anymore than objects in WoW are securities. That isn't to say there wont be regulation, but if they were to target that it would be seen as petty. It's similar to gambling sites.
From wiki:
A security is a tradable asset of any kind.[1] Securities are broadly categorized into:
debt securities (such as banknotes, bonds and debentures),
equity securities, e.g., common stocks; and,
derivative contracts, such as forwards, futures, options and swaps.
The company or other entity issuing the security is called the issuer.
Your selling a derivative, your calling it bitUSD, bitEUR, bitBTC, it's a security to the SEC. The SEC will try to enforce this, they have no desire to see this project come to pass. The more decentralized the better. It is in the best interest of the project to consider the issue. The only reason that the SEC has not cracked down on Bitcoin is because it stands by it self in a category not classified here.
Bitshares on the other hand, is using "marketing terms" such as the word "shares" and "Exchange" which imply a security, its trading consists of elements directly in conflict with the above definition, that being debt security in the form of bitUSD and it sells derivative contracts on those debt securities.
The best way to deal with the SEC is to assume they will take the least favorable side you can imagine. They often do.
BitUSD isn't an actual derivative. It's not any more a derivative than a poker chip is a derivative. How is it that poker chips are consider poker chips but BitUSD is considered a derivative? And if both are digital, and no contracts are used to guarantee it, I don't see where the SEC or the law has any say in something which is entirely virtual.
If a legal contract is written or if someone tries to redeem BitUSD for real USD then you might have a point. BitUSD isn't USD in anything other than name though. It's not an actual contract.
I'm not a lawyer, I'm just giving my interpretation.
"The SEC will try to enforce this, they have no desire to see this project come to pass."
If Bitcoin is not a currency, and if Bitcoin is not a stock, what gives the SEC any authority over it? It's digital property from what the IRS says. If Bitshares isn't an actual stock backed by an actual company then what business does the SEC have in this space?
Is the SEC going after Second Life next? How much authority do they have? Will they go after people using poker chips and monopoly money too? I'm not saying they cannot interpret the law in a way to try and stretch their power, I'm making a point that it's wrong for them to do it.
They are the securities and exchange commission while Bitshares is more like a gambling program that people run to bet on stuff. It's not real money and the only way I could see them making it into something real would be if it centralized around Invictus. Invictus actually was a corporation so that is one area they might try to use.
You've highlighted a legitimate problem with the trustee scheme though. It will make regulators want to find the trustee and go after whoever is in that position and that is why I said it was a risk to be the trustee.
If there must be a trustee in my opinion the best way to do it is to put a public face on Bitshares and let someone be a public trustee. No anonymous trustee, no hiding, no trying to be sneaky, all of that will attract regulators like a magnet. If the trustee is public and willing to go to jail or court to defend Bitshares that actually would look better politically.
I don't think people in the United States would like to see innocent people being put in jail for inventing new technologies. If the United States is willing to do that then it may change the culture of Silicon Valley.
More information is needed about this https://www.sec.gov/News/PressRelease/Detail/PressRelease/1370539730583
https://www.sec.gov/litigation/complaints/2013/comp-pr2013-132.pdf
Did they call it securities or not?
A security is a tradable asset of any kind. I believe they will try to apply this same logic to Bitcoin and everything else. The reason why Bitshares is currently different than Bitcoin is because it has a built in exchange. An exchange is a place the SEC believes is exactly in its wheelhouse, no questions asked. They would feel as if investors are not made aware of risks, money laundering etc, and unregulated risk influencing "real" markets.
BitUSD is not a poker chip, first of all the USD implies dollar, not only that but it is pegged to the dollar for the most part. They will argue, and probably successfully, that you can't have it both ways, you can't say it has no relation to USD, the users just for some reason value it exactly to the value of a dollar +5%. How did the users know to value the asset to the exact price of a dollar? Probably because of the name?
BitAssets are not at all like poker chips. You would have a very weak argument in court, people know what a poker chip is and it's function. A judge would have played both games, that of poker and the market, and would side with the prosecution believing it feels and behaves like a market and not a game.
Any public face involved in anything using the words shares,shareholder,dividend,stock,corporation,etc should expect that the SEC will be paying them a visit. To think otherwise given the Satoshidice thing is foolish.
-
If someone has to hide behind a torr network to support BitsharesX it makes the whole thing look dodgy.
I'm just imagining trying to explain to the people at work that they should start trading using bitsharesX: "Oh no dont worry there is some guy hiding behind a computer somewhere running the system so it should be fine." even though this wouldnt be strictly true, trying explaining the centralized looking system to someone who doesnt understand how this stuff works would stretch beyond peoples attention span.
There are still so many people who dont want to use bitcoin because they think Shatoshi is sitting behind a computer somewhere running it and steeling from them (and bitcoin is very decentralized!).
I3 got me hooked on decentralization because it makes so much sense. With this proposed system I would not have the same comfort using it as I have when using bitcoin. Imagine BitsharesX becomes as big as bitcoin. It will be on the news everytime a trustee has to be fired for misconduct. That wont do much to raise confidence about using a new technology.
And I wont be casting any votes (time/technical ability to monitor trustee misconduct) so I will have to trust others to vote on my behalf to elect a new trustee to trust.
Everything than can be decentralized, should be. I am happy to make compromises for increased decentralization but would not be happy with a new feature with further centralization as a trade off.
-
And Luckybit has a good point that the focus of our argument for requiring a trustee should be based on the fact that shareholders are not placing any more trust in our trustee than XRP holders place in a gateway, or BTC holders place in the ASIC pools; and far less destruction to our personal holdings can result in a 100% breach of trust by our trustee in our case as compared to those who recently got goxed.
And does this trustee method really speed up transactions? Because Ripple is FAST !
Bytemaster is leaning toward kicking up the UTILITY factor here, and I wholeheartedly agree.
Ripple is a great example of how we already have proof the market hates a trusted gateway approach.
Despite it's utility, speed and the investment that went into it, it's trending to zero and the fact that there are no ripple clones/forks out there is very telling.
The biggest currencies since Bitcoin are the ones that have developed methods that involve less trust in ASIC pools, Litecoin, Peercoin, then NXT. (Do you think the introduction of scrypt asics soon will increase or decrease Litecoins value?)
It's why no-one's afraid of JPM-coin it might have a lot more utility, but if it involves more trust than existing decentralised alternatives I think it's already dead in the water.
-
One additional point. If it were possible to design the BTX DAC so that the trustee mechanisms are scriptable this could allow for people the freedom of expression to try many different organizational models. Trial and error lead to algorithmic optimization over time but you need enough flexibility and ease for different DACs to try many different models.
So I would say if possible add a scripting layer to this so that for example the amount of power a trustee has is something which can be voted on, revoked, with a very fine level of granularity. The fear is that the community might not be able to keep track of the source code and the trustee could somehow become a dictator.
If we want the trustee to be able to act in a way which is in the best interest of the majority of shareholders but the trustee does not have the explicit power to do so, perhaps this would be an area for a script to create a sort of digital contract which gives the trustee certain privileges. The principle of least privilege can be followed so the trustee never has any more privileges than is necessary, but voting or some other mechanism such as a prediction market has to allow for feedback.
+5% +5%
.............
They verify every block follows the rules and the first time the trustee produces an invalid block the user's client is notified that one of two things has happened:
1) They have not updated and the trustee went down a hard fork without also maintaining the old fork.
2) The trustee is bad and is using non-standard code that violates the rules... a new trustee is needed.
In either case the user knows immediately that they need to take some action.
Hoping that these users's action to find new trustee is script automation, being part of digital contract/protocol, different from the way of MMC voting. People are lazy and slow to react manually, and they don't even want to spend time on this, the lag time will be long if it is political, especially for those who even don't know the bottom mechanism but just want to trust the protocol's peer review from opensource. If the trustee selection process is not settled down in digital contract/protocol, the people could have no idea which to choose, and it is tending to be political, which awaits improvement.
-
If someone has to hide behind a torr network to support BitsharesX it makes the whole thing look dodgy.
I'm just imagining trying to explain to the people at work that they should start trading using bitsharesX: "Oh no dont worry there is some guy hiding behind a computer somewhere running the system so it should be fine." even though this wouldnt be strictly true, trying explaining the centralized looking system to someone who doesnt understand how this stuff works would stretch beyond peoples attention span.
Here is an answer. How about the trustee be public, but located out of the US jurisdiction and that would put them out of the jurisdiction of the SEC.
The trustee being public removes the shady factor, but the trustee being out of US jurisdiction removes the legal risk.
-
The term trustee sounds like marketing suicide. Change the name.
-
If someone has to hide behind a torr network to support BitsharesX it makes the whole thing look dodgy.
I'm just imagining trying to explain to the people at work that they should start trading using bitsharesX: "Oh no dont worry there is some guy hiding behind a computer somewhere running the system so it should be fine." even though this wouldnt be strictly true, trying explaining the centralized looking system to someone who doesnt understand how this stuff works would stretch beyond peoples attention span.
Here is an answer. How about the trustee be public, but located out of the US jurisdiction and that would put them out of the jurisdiction of the SEC.
The trustee being public removes the shady factor, but the trustee being out of US jurisdiction removes the legal risk.
So only people in certain jurisdictions can assist in supporting the network in this manner
-
The term trustee sounds like marketing suicide. Change the name.
Perhaps acceptor?
Notary?
Witness?
-
It's why no-one's afraid of JPM-coin it might have a lot more utility, but if it involves more trust than existing decentralised alternatives I think it's already dead in the water.
Define trust? Do we not trust the mining pools not to collude? Do we not trust the government to to shutdown every mining pool or outlaw asic?
Trust is all relative and ultimately begs the question... "trust what?" and "what happens if my trust is violated?". In the case of Bitcoin if your trust in the mining pools and large ASIC manufactures is violated you have no recourse except to start a new chain based upon a new security model. Bitcoin miners own all sha256 based chains. What would happen if Bitcoin suddenly lost 75% of its value... would it be hung out to dry like PTS taking an hour per block? What happens if the 'core developers' make decisions that harm the network (possibly coerced) and the pools support these hard forks? You see, these other systems only have marketing behind them to make it appear as if their is no need to trust anyone. Ultimately you are trusting an unelected group of individuals who have erected barriers to entry that protects their power.
In the case of Ripple they have 90+% (last I heard) of the shares and ran the only servers which alone *define* the consensus. So in this case you are trusting them to be benevolent and not change their definition of consensus or block transactions. Ripple operates on a 'trustee' model defined by the "unique node list" on the principle that the UNL will not collude to defraud you.
So how have we improved things with TaPOS + Notary? First of all the largest shareholder in BTS systems has less than 10% and the remaining shares are divided among 1000s. Everyone participates in securing the network and making it immutable. No other system has this property of being immutable because it is always possible to mine longer alternative chains whether it is POS or POW. No other system has as every shareholder participating in the securing of the network and ultimately ratifying the ledger. You could say that TaPOS means that eventually every transaction is confirmed and ratified by 90% or more of the shareholders.
There are two kinds of decentralization: power & redundancy. There are two types of power: power to change and power to prevent change. In the bitcoin space, the miners have the power to change history and the power to block transactions. As soon as 51% of the hashing power is controlled any transaction can be blocked forever by the attacker refusing to build upon any block that includes it. As a government that didn't want make Bitcoin illegal (for political reasons), they could certainly 'follow the rules' and gain the ability to do far more than the Notary could with TaPOS. The notary has no ability to change history with only the power to prevent change and their power is easily taken from them.
With respect to 'centralization' of a point of failure, it is easy for the Notary to provide some redundancy and for the network to have contingency plans in place should anything happen. These contingency plans can be executed without manual involvement of everyone.
Decentralization: Removing barriers to entry and maximizing competition.
No other system is as decentralized as I am proposing.
-
The term trustee sounds like marketing suicide. Change the name.
Perhaps acceptor?
Notary?
Witness?
Operator.
The connotation https://en.wikipedia.org/wiki/Operator_assistance
-
No other system is as decentralized as I am proposing.
The problem is it may introduce politics into the system. Politics create a toxic environment.
Your suggestion of using Tor nodes and anonymity is not politically palatable. It might be palatable for the fringe community but not for Wall Street. Consider that your primary demographic for Bitshares will be Wall Street.
What does the Wall Street user require? They want regulation. They want transparency. They might like the fact that Bitcoin is decentralized, does not require trust, is more efficient, but to go mainstream AML, KYC and all sorts of regulatory protocols have to be adopted but in a decentralized peer to peer fashion. (Blockauth is a good example https://github.com/DeftNerd/BlockAuth )
So if you go the operator route (instead of trustees), the one argument you could make which is hard to refute is that we need self regulation. This self regulation means someone may have to interact with the global authorities. This person may need some power to regulate the network and the majority of users could be convinced to go that route if it's the only route to keep Bitshares legal and make it mainstream.
The network itself could vote on who operates the DAC. I'm not against the idea of having DAC operators because I proposed a similar idea about voting a while back for a different purpose but was told that voting is not a good idea and that prediction markets would work better.
Let's say we go with voting, and we empower this individual or group of individuals. Let's say that it's time to bring Bitshares into the mainstream and these are the individuals chosen to represent the network. All of them are in public, all of them work with regulators, but they get voted into these positions in such a way that regulators have to work with the decentralized base of the network. The network itself is a sovereign entity but the operators must respect the rules of their jurisdiction, they can bridge the gap between the two worlds.
Leaders and important persons will always exist in some form even in flat networks. Valve for instance is a flat network but it still has leaders. So decentralization does not mean there isn't an underlying power structure.
The question is what to make that sacrifice for? Absolute decentralization makes even self regulation impossible and without that the entire network could be villainized. While thinking about the problem of security from the angle presented by Cryptosig in which the SEC or some other agencies want to get involved, it's clear that in order to deal with some of them will require playing political ball.
The Bitcoin foundation tries to do it but does not do it very well. Individuals who operate DACs will have to meet with regulators and negotiate back and forth. If these individuals are high enough in number and spread across multiple jurisdictions then it's superior to the Bitcoin foundation in that regard. Additionally if the decisions can happen in such a way to minimize disagreement and politics thats even better.
A lot of text above just to suggest that we politically and legally future proof the design of Bitshares. It should be designed to withstand political and legal attack, not also designed in such a way to self regulate so that external regulation is not needed. If external regulators cannot make the case in the first place then there isn't a way to bring political pressure to ban the whole thing.
-
+1 for "witness" instead of "trustee"
Sent from my SCH-I535 using Tapatalk
-
+1 for "witness" instead of "trustee"
Sent from my SCH-I535 using Tapatalk
Witness has a negative connotation too because it's associated with courts and crime.
To me witness is almost as bad as trustee because of the frame and subliminal images it evokes.
Operator evokes the images of telephone operators from the time where calls had to be connected to each other manually. Older generations will remember this and have a positive frame of reference while younger generations may not know what it means except that it's associated with 911 or 0. Finally to make my case for use of the word more solid, operators reference communication or information networks while "witness" and "trustee" seem to reference the legal, justice, or government type of networks which people tend to want to avoid.
Observer also have a better frame and connotation than witness and means the same thing. So if you want to use something like witness but not have it evoke negative frames then observer would work.
-
Facilitator or Processor
-
It's why no-one's afraid of JPM-coin it might have a lot more utility, but if it involves more trust than existing decentralised alternatives I think it's already dead in the water.
Define trust? Do we not trust the mining pools not to collude? Do we not trust the government to to shutdown every mining pool or outlaw asic?
Trust is all relative and ultimately begs the question... "trust what?" and "what happens if my trust is violated?". In the case of Bitcoin if your trust in the mining pools and large ASIC manufactures is violated you have no recourse except to start a new chain based upon a new security model. Bitcoin miners own all sha256 based chains. What would happen if Bitcoin suddenly lost 75% of its value... would it be hung out to dry like PTS taking an hour per block? What happens if the 'core developers' make decisions that harm the network (possibly coerced) and the pools support these hard forks? You see, these other systems only have marketing behind them to make it appear as if their is no need to trust anyone. Ultimately you are trusting an unelected group of individuals who have erected barriers to entry that protects their power.
In the case of Ripple they have 90+% (last I heard) of the shares and ran the only servers which alone *define* the consensus. So in this case you are trusting them to be benevolent and not change their definition of consensus or block transactions. Ripple operates on a 'trustee' model defined by the "unique node list" on the principle that the UNL will not collude to defraud you.
So how have we improved things with TaPOS + Notary? First of all the largest shareholder in BTS systems has less than 10% and the remaining shares are divided among 1000s. Everyone participates in securing the network and making it immutable. No other system has this property of being immutable because it is always possible to mine longer alternative chains whether it is POS or POW. No other system has as every shareholder participating in the securing of the network and ultimately ratifying the ledger. You could say that TaPOS means that eventually every transaction is confirmed and ratified by 90% or more of the shareholders.
There are two kinds of decentralization: power & redundancy. There are two types of power: power to change and power to prevent change. In the bitcoin space, the miners have the power to change history and the power to block transactions. As soon as 51% of the hashing power is controlled any transaction can be blocked forever by the attacker refusing to build upon any block that includes it. As a government that didn't want make Bitcoin illegal (for political reasons), they could certainly 'follow the rules' and gain the ability to do far more than the Notary could with TaPOS. The notary has no ability to change history with only the power to prevent change and their power is easily taken from them.
With respect to 'centralization' of a point of failure, it is easy for the Notary to provide some redundancy and for the network to have contingency plans in place should anything happen. These contingency plans can be executed without manual involvement of everyone.
Decentralization: Removing barriers to entry and maximizing competition.
No other system is as decentralized as I am proposing.
So whats the worst case scenario if a trustee/notary/witness/acceptor/inscriber/signer/authenticator/watcher/super node/cute cuddly bunny goes rogue?
Could they get a double spend off and profit from it, even if they get caught and canned immediately afterwards? Lets say I have a million dollars worth of BTS. Could I double spend that and actually get a million dollars profit for doing it? This would be especially attractive if I had hosted the node through tor, as then all I'd have to do is wash the BTC I double spent for.
-
I like your idea but think there should 100% be a small but meaningful reward for successfully doing the job whose payment should be delayed by a decent period of time, say a week or a month that would allow any betrayal of trust to involve much of the vested time going unpaid.
It would encourage those who want to scam the network to just do it immediately because they're not going to be paid for most of the good work performed once the betrayal is discovered.
In other words, fail fast.
True decentralization isn't necessary for everything, the important part is to prevent to monopoly of what is "correct". So whether you do a random lottery or whatever, it should be attractive to the average user because lacking the average user you'll have only specialists and bad guys populating your trusted oracle system, and those aren't good odds.
So is the new ETA TBD?
-
I like your idea but think there should 100% be a small but meaningful reward for successfully doing the job whose payment should be delayed by a decent period of time, say a week or a month that would allow any betrayal of trust to involve much of the vested time going unpaid.
It would encourage those who want to scam the network to just do it immediately because they're not going to be paid for most of the good work performed once the betrayal is discovered.
In other words, fail fast.
True decentralization isn't necessary for everything, the important part is to prevent to monopoly of what is "correct". So whether you do a random lottery or whatever, it should be attractive to the average user because lacking the average user you'll have only specialists and bad guys populating your trusted oracle system, and those aren't good odds.
So is the new ETA TBD?
+5%
I agree, a balance needs to be struck between decentralization, security, usability, utility and adoption, with a lowest common denominator approach.
Regarding this "trustee" role/function how does this really increase the risk of scrutiny from regulators? This game or experiment and its exchange j of virtual tokens will not change fundamentally, or am missing something?
-
"Notary" seems fine to me. I don't think it helps to over-euphamize things to the point that the word is inaccurate or unclear and meaningless... that does more damage than good
It seems like people keep imagining the notary has more power than it would. If it's easy to verify that it is following the rules why would it matter if it uses Tor? Could just make it harder to shut down.
-
So whats the worst case scenario if a trustee/notary/witness/acceptor/inscriber/signer/authenticator/watcher/super node/cute cuddly bunny goes rogue?
Could they get a double spend off and profit from it, even if they get caught and canned immediately afterwards? Lets say I have a million dollars worth of BTS. Could I double spend that and actually get a million dollars profit for doing it? This would be especially attractive if I had hosted the node through tor, as then all I'd have to do is wash the BTC I double spent for.
The only way for them to 'go rouge' and perform a double spend is if they isolated their victim from the rest of the network. As the Notary is not anonymous and their signature would be on two blocks at the same time, there would be incontrovertible proof of intent to defraud. So I would say that the potential for a double-spend is near 0... especially if you have your client connected to several verified and public peers (like major exchanges).
The most the Notary could do is delay the processing of transactions.
With respect to paying the Notary, that may be a reasonable thing to do because it would give the notary the financial resources to improve their security and provide redundancy in multiple jurisdictions. On the other hand paying the notary would result in even greater political battles because now you have financial incentive to stir up conflict and take over the role.
I prefer Notary to all the other terms because it conveys the role best: they have the power to sign/witness/certify transactions (contracts) but not to determine their contents. Operator sounds like it has too much control and witness and observer is passive. Trustee implies too much trust. There is no need 'trust' a notary.
In a way the notary is just a 'timestamp server' and this also avoids the notary being confused with the issuer or operator of a virtual currency.
-
+1 for "witness" instead of "trustee"
Sent from my SCH-I535 using Tapatalk
Witness has a negative connotation too because it's associated with courts and crime.
To me witness is almost as bad as trustee because of the frame and subliminal images it evokes.
Operator evokes the images of telephone operators from the time where calls had to be connected to each other manually. Older generations will remember this and have a positive frame of reference while younger generations may not know what it means except that it's associated with 911 or 0. Finally to make my case for use of the word more solid, operators reference communication or information networks while "witness" and "trustee" seem to reference the legal, justice, or government type of networks which people tend to want to avoid.
Observer also have a better frame and connotation than witness and means the same thing. So if you want to use something like witness but not have it evoke negative frames then observer would work.
Just a thought. The problem with terms like "trustee" or "witness" or "operator" may not really be one of positive vs. negative connotation. Maybe the problem is that such terms tend to evoke the wrong image in a reader's mind. A casual reader (maybe someone only slightly familiar with cryptocurrencies and bitShares) who first sees a term like "trustee" or "operator" would probably tend to think of an actual, flesh-and-blood person. I certainly did. Then, the reader's natural reaction would be to wonder whether a human being who oversees such centralization of power can be fallible, corruptible, etc. This type of gut reaction to the notion of having one human being wielding a lot of power could be why some people seem to be uneasy with the new scheme.
Wouldn't it be better to use terms that don't immediately lead the reader down the path of visualizing a human being? Terms like "facilitator" or "processor" might be better. Or, how about something like "trusted node" or "custodian node" or "operator node"? I confess to knowing almost nothing about the technical details of the newly proposed scheme, but I hope the point I'm making is clear. We want developers, people, and the community to evaluate the proposed scheme on the basis of its true merits and limitations, not on the basis of a misconceived view that evokes negative emotions...
-
It's why no-one's afraid of JPM-coin it might have a lot more utility, but if it involves more trust than existing decentralised alternatives I think it's already dead in the water.
Define trust? Do we not trust the mining pools not to collude? Do we not trust the government to to shutdown every mining pool or outlaw asic?
Trust is all relative and ultimately begs the question... "trust what?" and "what happens if my trust is violated?". In the case of Bitcoin if your trust in the mining pools and large ASIC manufactures is violated you have no recourse except to start a new chain based upon a new security model. Bitcoin miners own all sha256 based chains. What would happen if Bitcoin suddenly lost 75% of its value... would it be hung out to dry like PTS taking an hour per block? What happens if the 'core developers' make decisions that harm the network (possibly coerced) and the pools support these hard forks? You see, these other systems only have marketing behind them to make it appear as if their is no need to trust anyone. Ultimately you are trusting an unelected group of individuals who have erected barriers to entry that protects their power.
In the case of Ripple they have 90+% (last I heard) of the shares and ran the only servers which alone *define* the consensus. So in this case you are trusting them to be benevolent and not change their definition of consensus or block transactions. Ripple operates on a 'trustee' model defined by the "unique node list" on the principle that the UNL will not collude to defraud you.
So how have we improved things with TaPOS + Notary? First of all the largest shareholder in BTS systems has less than 10% and the remaining shares are divided among 1000s. Everyone participates in securing the network and making it immutable. No other system has this property of being immutable because it is always possible to mine longer alternative chains whether it is POS or POW. No other system has as every shareholder participating in the securing of the network and ultimately ratifying the ledger. You could say that TaPOS means that eventually every transaction is confirmed and ratified by 90% or more of the shareholders.
There are two kinds of decentralization: power & redundancy. There are two types of power: power to change and power to prevent change. In the bitcoin space, the miners have the power to change history and the power to block transactions. As soon as 51% of the hashing power is controlled any transaction can be blocked forever by the attacker refusing to build upon any block that includes it. As a government that didn't want make Bitcoin illegal (for political reasons), they could certainly 'follow the rules' and gain the ability to do far more than the Notary could with TaPOS. The notary has no ability to change history with only the power to prevent change and their power is easily taken from them.
With respect to 'centralization' of a point of failure, it is easy for the Notary to provide some redundancy and for the network to have contingency plans in place should anything happen. These contingency plans can be executed without manual involvement of everyone.
Decentralization: Removing barriers to entry and maximizing competition.
No other system is as decentralized as I am proposing.
Thanks for the response, know you are super busy.
No I don't trust pools not to collude or .gov not to go after pool operators. I have moved a greater allocation of my portfolio into gold since understanding that threat. I have also hedged in POS alt-coin NXT.
I should note I originally complained vehemently about AGS as well as later the allocation model of AGS and was obviously proved wrong and actually hold all my Bitshares via AGS rather than PTS. So I hope most of my fears are unfounded in this case as well.
The notary has no ability to change history with only the power to prevent change and their power is easily taken from them.
Ok that is re-assuring and sounds like an improvement on Bitcoin for sure, provided your mechanism for removing power is actually 'easily/rapid/effective'. However, I'm not clear how it is an improvement on NXT...
Even in its' current form NXT processes transactions fairly fast & I understand they have at least 100 public nodes in at least 10 geographic locations, albeit operated by only a few operators. (& a POS system with a public node incentive built into the fee model would make the decentralisation even broader.)
So NXT with improved fee model would allow for fast transactions, hard for a central authority to shut down & easy to rapidly exclude nodes that don't process certain transactions.
1. Transactions can be sent directly to the miner who will mine the next block (if he decides to reveal his location on the Internet), thus saving traffic and coming much closer to VISA/MasterCard processing volumes.
2. Blocks can be generated in advance and sent to most of the miners before they become valid (timestamp validation), thus greatly reducing rate of orphaned blocks.
3. Due to ability to predict timestamps of future blocks (rate of blocks) it becomes possible to set appropriate fees to assure quick confirmations for important transactions (without paying too much for inclusion into a block).
And the most important feature:
The network can detect which miners don't take part in block generation and act accordingly.
http://www.nxtcrypto.org/nxt-coin/transparent-forging
You say 'no other system has this property of being immutable because it always possible to mine longer alternative chains whether it is POS or POW'
I think NXT explains their defense to attack here, some of which is still not revealed but it seems solutions are possible?
Imagine someone is going to do a "51%" attack against Nxt and he owns 90% of all coins. The adversary must stop generating blocks for legit branch coz he won't be able to compete against 100% mining power with his 90%. So he decides to "skip" his turn to generate a block. The rest 10% of the network detects this and penalizes the adversary by setting his mining power to 0 and distributing it among other miners. Now the network is back to 100% power coz everyone got 10-fold increase. The adversary can mine other branch in a secret place but it won't be able to replace the legit branch. Of course, the 2nd branch will have 100% "hashing" power tied to it as well, coz the attacker will get his 90% bumped to 100% but this can be counteracted by some mechanisms of advanced consensus (still not revealed).
http://www.nxtcrypto.org/nxt-coin/transparent-forging
Your system appears to be easier for a central authority to shut down and would likely be slower to respond to a notary (similar to a public node) who acted nefariously as it would require some form of voting.
So whats the worst case scenario if a trustee/notary/witness/acceptor/inscriber/signer/authenticator/watcher/super node/cute cuddly bunny goes rogue?
Could they get a double spend off and profit from it, even if they get caught and canned immediately afterwards? Lets say I have a million dollars worth of BTS. Could I double spend that and actually get a million dollars profit for doing it? This would be especially attractive if I had hosted the node through tor, as then all I'd have to do is wash the BTC I double spent for.
The only way for them to 'go rouge' and perform a double spend is if they isolated their victim from the rest of the network. As the Notary is not anonymous and their signature would be on two blocks at the same time, there would be incontrovertible proof of intent to defraud. So I would say that the potential for a double-spend is near 0... especially if you have your client connected to several verified and public peers (like major exchanges).
The most the Notary could do is delay the processing of transactions.
Hmm, maybe that answers most of it, if the above means not that there is no incentive for them to double spend but that they can't perform a double spend and get the money out the system then that's cool. However I don't think you can double spend in NXT nd still think they can replace a bad notary faster. Don't worry about answering my question though, if you feel it's been covered, know you're busy and I should research/understand how more of this works myself.
Good luck, whatever decision you guys take I'm sure I'll probably be buying more BTS X than I have already been allocated as soon as they become trade-able.
-
So whats the worst case scenario if a trustee/notary/witness/acceptor/inscriber/signer/authenticator/watcher/super node/cute cuddly bunny goes rogue?
Could they get a double spend off and profit from it, even if they get caught and canned immediately afterwards? Lets say I have a million dollars worth of BTS. Could I double spend that and actually get a million dollars profit for doing it? This would be especially attractive if I had hosted the node through tor, as then all I'd have to do is wash the BTC I double spent for.
The only way for them to 'go rouge' and perform a double spend is if they isolated their victim from the rest of the network. As the Notary is not anonymous and their signature would be on two blocks at the same time, there would be incontrovertible proof of intent to defraud. So I would say that the potential for a double-spend is near 0... especially if you have your client connected to several verified and public peers (like major exchanges).
The most the Notary could do is delay the processing of transactions.
With respect to paying the Notary, that may be a reasonable thing to do because it would give the notary the financial resources to improve their security and provide redundancy in multiple jurisdictions. On the other hand paying the notary would result in even greater political battles because now you have financial incentive to stir up conflict and take over the role.
I prefer Notary to all the other terms because it conveys the role best: they have the power to sign/witness/certify transactions (contracts) but not to determine their contents. Operator sounds like it has too much control and witness and observer is passive. Trustee implies too much trust. There is no need 'trust' a notary.
In a way the notary is just a 'timestamp server' and this also avoids the notary being confused with the issuer or operator of a virtual currency.
If the notary is not paid, then what would be the motivation for competent agents to perform this service? (Agents who will spend the time and money on "to improve their security and provide redundancy in multiple jurisdictions")?
Hopefully,the role of notary would be undertaken by actors motivated by desire to further the emerging DAC vision. But, judging from my experience so far in the crypto world, there are also entities who will be wolves in sheep's clothing, awaiting and seeking an opportunity/vulnerability to game the system.
So my conclusion is that the notary should be paid just enough to compensate for legitimate security expenses. There will be two types of person wanting to undertake the service, one that wants to benefit the overall vision and one wanting to benefit only themselves. Either way, funding them above expenses is unnecessary.
-
And Luckybit has a good point that the focus of our argument for requiring a trustee should be based on the fact that shareholders are not placing any more trust in our trustee than XRP holders place in a gateway, or BTC holders place in the ASIC pools; and far less destruction to our personal holdings can result in a 100% breach of trust by our trustee in our case as compared to those who recently got goxed.
And does this trustee method really speed up transactions? Because Ripple is FAST !
Bytemaster is leaning toward kicking up the UTILITY factor here, and I wholeheartedly agree.
Ripple is a great example of how we already have proof the market hates a trusted gateway approach.
Despite it's utility, speed and the investment that went into it, it's trending to zero and the fact that there are no ripple clones/forks out there is very telling.
The biggest currencies since Bitcoin are the ones that have developed methods that involve less trust in ASIC pools, Litecoin, Peercoin, then NXT. (Do you think the introduction of scrypt asics soon will increase or decrease Litecoins value?)
It's why no-one's afraid of JPM-coin it might have a lot more utility, but if it involves more trust than existing decentralised alternatives I think it's already dead in the water.
Last time I checked, Ripple was the 2nd largest cryptocurrency in terms of market cap, still worth over $1 billion. For example, this is over 20x bigger than peercoin and over 30x bigger compared to NXT. The price of Ripple XRP seems to have tracked bitcoin pretty well over the past few months.
I thought that most of the hostility towards Ripple was due to their initially being closed-source and also the seemingly self-serving, "premined" way in which they distributed the Ripple XRP currency (i.e., they initially held on to 99% of the supply and only promised to give something like 1/2 away)?
-
No, let a vested stakeholder do it. Maybe the large exchanges would offer to do it and would compete for the publicity it offered.
Sent from my SCH-I535 using Tapatalk
-
The term trustee sounds like marketing suicide. Change the name.
Perhaps acceptor?
Notary?
Witness?
Operator.
The connotation https://en.wikipedia.org/wiki/Operator_assistance
Facilitator or Processor
trustee/notary/witness/acceptor/inscriber/signer/authenticator/watcher/super node/cute cuddly bunny
"Notary" seems fine to me. I don't think it helps to over-euphamize things to the point that the word is inaccurate or unclear and meaningless... that does more damage than good
I prefer Notary to all the other terms because it conveys the role best: they have the power to sign/witness/certify transactions (contracts) but not to determine their contents. Operator sounds like it has too much control and witness and observer is passive. Trustee implies too much trust. There is no need 'trust' a notary.
In a way the notary is just a 'timestamp server' and this also avoids the notary being confused with the issuer or operator of a virtual currency.
Wouldn't it be better to use terms that don't immediately lead the reader down the path of visualizing a human being? Terms like "facilitator" or "processor" might be better. Or, how about something like "trusted node" or "custodian node" or "operator node"?
-
I vote notary, or notary nodes.
-
I vote notary, or notary nodes.
I agree
-
I vote notary, or notary nodes.
+5%
-
And Luckybit has a good point that the focus of our argument for requiring a trustee should be based on the fact that shareholders are not placing any more trust in our trustee than XRP holders place in a gateway, or BTC holders place in the ASIC pools; and far less destruction to our personal holdings can result in a 100% breach of trust by our trustee in our case as compared to those who recently got goxed.
And does this trustee method really speed up transactions? Because Ripple is FAST !
Bytemaster is leaning toward kicking up the UTILITY factor here, and I wholeheartedly agree.
Ripple is a great example of how we already have proof the market hates a trusted gateway approach.
Despite it's utility, speed and the investment that went into it, it's trending to zero and the fact that there are no ripple clones/forks out there is very telling.
The biggest currencies since Bitcoin are the ones that have developed methods that involve less trust in ASIC pools, Litecoin, Peercoin, then NXT. (Do you think the introduction of scrypt asics soon will increase or decrease Litecoins value?)
It's why no-one's afraid of JPM-coin it might have a lot more utility, but if it involves more trust than existing decentralised alternatives I think it's already dead in the water.
Last time I checked, Ripple was the 2nd largest cryptocurrency in terms of market cap, still worth over $1 billion. For example, this is over 20x bigger than peercoin and over 30x bigger compared to NXT. The price of Ripple XRP seems to have tracked bitcoin pretty well over the past few months.
I thought that most of the hostility towards Ripple was due to their initially being closed-source and also the seemingly self-serving, "premined" way in which they distributed the Ripple XRP currency (i.e., they initially held on to 99% of the supply and only promised to give something like 1/2 away)?
No Ripple has a 'false-cap' they're multiplying their share price by 10-20x more that what's actually circulating in the market which is easily discernible from their low volume.
Similar to the way Auroracoin looked liked it had a huge cap only because 95% of the shares were held back and only a few were circulating. At least with Aurora though you knew when and how the airdrop was supposed to take place, with Ripple your share value is completely at the mercy of the central controllers, hoping and praying they won't be incentivised to devalue your shares too much, not unlike the way people are naive enough to believe central banks are working in their currency holders best interest.
-
Facilitator or Processor
+1 processor
Sent from my iPhone using Tapatalk
-
"A notary is a lawyer or person with legal training who is licensed by the state to perform acts in legal affairs, in particular witnessing signatures on documents. The form that the notarial profession takes varies with local legal systems.[1]"
http://en.wikipedia.org/wiki/Notary
I don't think this is a good choice. In the US notaries are relatively innocent and provide a basic function, however outside the US in some countries they act as government officials and wield an enormous amount of power.
-
Facilitator or Processor
+1 processor
Sent from my iPhone using Tapatalk
I am now leaning towards "processor" or "processor node" as well.
All the other suggestions have negatives as listed in the very astute posts above.
-
Bytemaster, appreciated your hard work and briliant idea. I think it's a really good thing that we weight all the proposals based on objective oriented instead of religiosely for the ideal concept of pure decentralization.
Although it's maybe a problem for marketing since the competitors will attach this concept w/ centralization and single failure point(whatever it's true or not), I believe if we really find a way to resolve all the business logic and technique issues or make it the best balanced solution obviously, we could educate people to support and join it gradually.
Till now, the only issue really bother me is the one I quote below - DDoS. I know as you mentioned the notary node(or processor node..) would have redunant all over the world(not just likely, it should be a requirement for "the notary"), but I still have 2 concern:
1. compare to the whole alive nodes on the network, the quantity of the reduntant nodes of "the notary" is
lower by ord of magnitude. To DDoS ten or one hundred nodes takes a lot of resource and much more
difficult than attack single node but it become feasible to do.
2. It's true that to attack all the reduntant nodes simultaneously is very difficult, but how about attack them
one by one? The attacker DDoS the current notary node first, and after the notary aware of the attack and
start to use the reduntant node, the attacker also start to DDoS the new one. That will impact the trade
very seriously and the attack could leverage it to affect the market price then make money from it.
This 2 concern will become more realistic when the system grow up to carry huge wealth and the expectation of this risk will suppress the value of the system seriously..
- One trustee one point of failure, the DDOS attack will be hard to prevent
DDOS is not really possible because the network would still be broadcast based and the trustee would likely have multiple redundant nodes all over the world ready to sign blocks if there were an issue.
-
Bytemaster, appreciated your hard work and briliant idea. I think it's a really good thing that we weight all the proposals based on objective oriented instead of religiosely for the ideal concept of pure decentralization.
Although it's maybe a problem for marketing since the competitors will attach this concept w/ centralization and single failure point(whatever it's true or not), I believe if we really find a way to resolve all the business logic and technique issues or make it the best balanced solution obviously, we could educate people to support and join it gradually.
Till now, the only issue really bother me is the one I quote below - DDoS. I know as you mentioned the notary node(or processor node..) would have redunant all over the world(not just likely, it should be a requirement for "the notary"), but I still have 2 concern:
1. compare to the whole alive nodes on the network, the quantity of the reduntant nodes of "the notary" is
lower by ord of magnitude. To DDoS ten or one hundred nodes takes a lot of resource and much more
difficult than attack single node but it become feasible to do.
2. It's true that to attack all the reduntant nodes simultaneously is very difficult, but how about attack them
one by one? The attacker DDoS the current notary node first, and after the notary aware of the attack and
start to use the reduntant node, the attacker also start to DDoS the new one. That will impact the trade
very seriously and the attack could leverage it to affect the market price then make money from it.
This 2 concern will become more realistic when the system grow up to carry huge wealth and the expectation of this risk will suppress the value of the system seriously..
- One trustee one point of failure, the DDOS attack will be hard to prevent
DDOS is not really possible because the network would still be broadcast based and the trustee would likely have multiple redundant nodes all over the world ready to sign blocks if there were an issue.
The IP address of the notary need not be known which would prevent DDOS on the notary server.
-
"A notary is a lawyer or person with legal training who is licensed by the state to perform acts in legal affairs, in particular witnessing signatures on documents. The form that the notarial profession takes varies with local legal systems.[1]"
http://en.wikipedia.org/wiki/Notary
I don't think this is a good choice. In the US notaries are relatively innocent and provide a basic function, however outside the US in some countries they act as government officials and wield an enormous amount of power.
Perhaps the 'timekeeper'?
-
"A notary is a lawyer or person with legal training who is licensed by the state to perform acts in legal affairs, in particular witnessing signatures on documents. The form that the notarial profession takes varies with local legal systems.[1]"
http://en.wikipedia.org/wiki/Notary
I don't think this is a good choice. In the US notaries are relatively innocent and provide a basic function, however outside the US in some countries they act as government officials and wield an enormous amount of power.
Perhaps the 'timekeeper'?
Referee?
-
No "referee"...There is so much argument and scandal in sports game about referees... "timekeeper" should be a good idea.. people will not catch the exact meaning of "timekeeper" for a DAC at first, and that could be a good thing.
-
"A notary is a lawyer or person with legal training who is licensed by the state to perform acts in legal affairs, in particular witnessing signatures on documents. The form that the notarial profession takes varies with local legal systems.[1]"
http://en.wikipedia.org/wiki/Notary
I don't think this is a good choice. In the US notaries are relatively innocent and provide a basic function, however outside the US in some countries they act as government officials and wield an enormous amount of power.
Perhaps the 'timekeeper'?
If we go with this solution I vote for 'timekeeper'. Still many things unclear to me. Can you explain how you'll solve the "without manual involvement of everyone" because if there is a way to solve "without manual involvement of everyone" the "trustee" solution it starting to make a lot more sens.
With respect to 'centralization' of a point of failure, it is easy for the Notary to provide some redundancy and for the network to have contingency plans in place should anything happen. These contingency plans can be executed without manual involvement of everyone.
-
Bytemaster, appreciated your hard work and briliant idea. I think it's a really good thing that we weight all the proposals based on objective oriented instead of religiosely for the ideal concept of pure decentralization.
Although it's maybe a problem for marketing since the competitors will attach this concept w/ centralization and single failure point(whatever it's true or not), I believe if we really find a way to resolve all the business logic and technique issues or make it the best balanced solution obviously, we could educate people to support and join it gradually.
Till now, the only issue really bother me is the one I quote below - DDoS. I know as you mentioned the notary node(or processor node..) would have redunant all over the world(not just likely, it should be a requirement for "the notary"), but I still have 2 concern:
1. compare to the whole alive nodes on the network, the quantity of the reduntant nodes of "the notary" is
lower by ord of magnitude. To DDoS ten or one hundred nodes takes a lot of resource and much more
difficult than attack single node but it become feasible to do.
2. It's true that to attack all the reduntant nodes simultaneously is very difficult, but how about attack them
one by one? The attacker DDoS the current notary node first, and after the notary aware of the attack and
start to use the reduntant node, the attacker also start to DDoS the new one. That will impact the trade
very seriously and the attack could leverage it to affect the market price then make money from it.
This 2 concern will become more realistic when the system grow up to carry huge wealth and the expectation of this risk will suppress the value of the system seriously..
- One trustee one point of failure, the DDOS attack will be hard to prevent
DDOS is not really possible because the network would still be broadcast based and the trustee would likely have multiple redundant nodes all over the world ready to sign blocks if there were an issue.
The IP address of the notary need not be known which would prevent DDOS on the notary server.
Thanks for quick response. So the solution will be the "timekeeper" to random change the ip address everytime after each block produced(and for sure the address will not be announced) and use the Tor to hide the IP all the time?
Sounds like workable. Hope it's solid enough to prevent DDoS even when the system values billion or trillion dollars. :D
-
We are certainly entering overkill range at this point, but what the hell?
Block Agent
Secretary
Block Administrator
-
(http://i.imgur.com/LJZI6CE.jpg)
-
Metronome or metronode
Chronicle node
So far, I'd keep it simple like timestamp or clock node.
-
Metronome or metronode
Chronicle node
So far, I'd keep it simple like timestamp or clock node.
I'd separate it further "timestamp server" The only issue I see, is that when someone realizes it really is more than that, they might feel as if the name is meant to mislead.
-
I concur on "timekeeper" for our marketing campaign. Who said that first? Give them a tip I say. You guys are awesome. And unless anybody has something more soothing, lets move on the the next item on the agenda. Here's why you should vote for "timekeeper":
Impartiality is implied with respect to the fact that nobody can fight or win a dispute against "time."
Also, "timekeeping" or "digital syncing" is a standard technical aspect in the 20-year old worlds of digital audio/video production, and has been since the 90's. Anybody (and probably everybody by now) who has ever worked with digital A/V equipment (do they even make analog equipment anymore) will immediately understand the need for and benefit from the implementation of a high quality master "timekeeping" device when processing their digital audio or video data bits.
But these are not bitcoin people, but maybe 2% of the other 99% of the people who have no clue about Satoshi. In other words, this targeted marketing group should in theory be smart enough to make the technical leap necessary to grasp the benefit of Satoshi's basic concepts. They should be early adopters. Best of all, these people love it when their systems have a "master digital clock!"
That is because, in their digital world, the implementation of a "timekeeper" or "master clock" as they say, guarantees the highest levels of security (compatibility and sometimes increased A/V quality) for their system. Studios and free-lancers will always advertise their use of such devices in the same way that contractors show that they are "bonded" or can afford a lawsuit if sued. It adds a high level of DOGE-ness or assured happy secure branding where nobody could possibly hate a cute puppy, so like: relax, man we got the highest level of security on your artwork (Bitshares), because we have a "master clock" so that nothing will fail during the recording process. Ahhhhh, thanks bro.
Also since their happy "timekeeper" is basically a computer programmed by a human. All they will need to know to sleep soundly is how our programming process works in reverse (since we cannot have an actual computerized timekeeper). Your marketing focus should deal with our specific instruction set that our human clock (acting as a computer clock) will carry out in every conceivable instance (order, wording, priority, etc). That list of commands needs to be ironed out and re-worded with enough dogystyle to convert the hardline "to infinity and beyond" hardliners who demand 100% secure DACs.
To sum up, we will use a term that is a hallmark of both safety and security for a group who is larger in size than all the BTC early adopters, and whom understand technical concepts similar to Bitcoin.
"Timekeeper," is textbook propaganda of the highest level rivaling that of the "affordable care act" which caused my premiums to jump 20% this year. What do we say about imitation here in open source land? We love forking, and we fork only the very best!
Here is an article that was written 4 years ago showing how much the audio community was obsessing about this back then. "Clocks" were industry standard in the video industry a decade prior to the audio industry simply because "clocks" are more necessary in more complex systems, and video is an order of magnitude more complex in production than audio:
http://www.soundonsound.com/sos/jun10/articles/masterclocks.htm
How long have video scalers been around? Who has not heard of 480/720/1080P? This stuff is pretty common nowadays to anyone who has lusted after a crisper picture on their flat screen:
http://en.wikipedia.org/wiki/Video_scaler
I just registered on this forum last night, and if I had done it a day later, I would have forever be known as "TIMEKEEPER" (yeah, probably in all caps too). Fate's fickle finger.
Wow try to beat that !!! Timekeeper must win.
-
Chronicle
Register
Scroll
...or just create a new term or name that we get to define from scratch...
Notar
Bitreg
Reggie
...or Al... We could just call him Al.
Sent from my Nexus 7 using Tapatalk
-
(http://i.imgur.com/LJZI6CE.jpg)
Literally the first funny meme I have seen on this forum +1 teach me
Sent from my SCH-I535 using Tapatalk
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
Does this have the potential to delay the release of ME/XTS/Lotto/DNS .? I assumed the end of March for the first DAC (ME) to be released... :o
anyone to comment on this?
This change has accelerated the process. I think I could release something prior to going to NYC... but don't want to launch a chain and then be gone on travel for a week.
I think I will launch the test-test prior to NYC... then the real XT network when I get back. Of course all software development times are estimates.
test-test prior to NYC
that wouldn't yet involve the ability to claim BTS X / XTS I guess? Claiming XTS would be after NYC (7-8.4)?
-
"TIMEKEEPER" +1
-
So whats the worst case scenario if a trustee/notary/witness/acceptor/inscriber/signer/authenticator/watcher/super node/cute cuddly bunny goes rogue?
Could they get a double spend off and profit from it, even if they get caught and canned immediately afterwards? Lets say I have a million dollars worth of BTS. Could I double spend that and actually get a million dollars profit for doing it? This would be especially attractive if I had hosted the node through tor, as then all I'd have to do is wash the BTC I double spent for.
The only way for them to 'go rouge' and perform a double spend is if they isolated their victim from the rest of the network. As the Notary is not anonymous and their signature would be on two blocks at the same time, there would be incontrovertible proof of intent to defraud. So I would say that the potential for a double-spend is near 0... especially if you have your client connected to several verified and public peers (like major exchanges).
The most the Notary could do is delay the processing of transactions.
With respect to paying the Notary, that may be a reasonable thing to do because it would give the notary the financial resources to improve their security and provide redundancy in multiple jurisdictions. On the other hand paying the notary would result in even greater political battles because now you have financial incentive to stir up conflict and take over the role.
I prefer Notary to all the other terms because it conveys the role best: they have the power to sign/witness/certify transactions (contracts) but not to determine their contents. Operator sounds like it has too much control and witness and observer is passive. Trustee implies too much trust. There is no need 'trust' a notary.
In a way the notary is just a 'timestamp server' and this also avoids the notary being confused with the issuer or operator of a virtual currency.
So assuming the risk of a double spend attack is low, what would the consequences be? How would this affect the network? What would happen if this individual got depressed/suicidal/broke up with his GF/got hacked by .gov or for whatever reason the node did not operate as specified?
The chances of my being fooled by a transvestite and taking her home from a bar are very very low, but the consequences are so very high that you can be damn sure I have a thorough vetting process in place.
Sorry for the lewd analogy but I'm trying to express my concerns in a manner others might understand.
-
Probability of a double spend is so low that it is not even worth considering....
1) You would have to be doing business with the Timekeeper
2) The timekeeper would have to isolate you from the rest of the network
3) Given that everyone knows who the timekeeper is (likely a group of people) they would not get away with it...
4) As soon as the double spend was detected it would be very clear which chain had the most TaPOS behind it and was public and which one was the attackers chain.
Assuming you are connected to several well known nodes in the network other than the timekeeper with cryptographic prevention of man in the middle, the probability of attack by timekeeper is 0 without collusion.
-
Probability of a double spend is so low that it is not even worth considering....
1) You would have to be doing business with the Timekeeper
2) The timekeeper would have to isolate you from the rest of the network
3) Given that everyone knows who the timekeeper is (likely a group of people) they would not get away with it...
4) As soon as the double spend was detected it would be very clear which chain had the most TaPOS behind it and was public and which one was the attackers chain.
Assuming you are connected to several well known nodes in the network other than the timekeeper with cryptographic prevention of man in the middle, the probability of attack by timekeeper is 0 without collusion.
I get that. probability is very low. Probability must be weighed against consequences though. if probability is high and consequences are low risky behavior is okay. however with unknown consequences probability is a useless value. I would like to know the consequences should a very low probability event occur.
-
Probability of a double spend is so low that it is not even worth considering....
1) You would have to be doing business with the Timekeeper
2) The timekeeper would have to isolate you from the rest of the network
3) Given that everyone knows who the timekeeper is (likely a group of people) they would not get away with it...
4) As soon as the double spend was detected it would be very clear which chain had the most TaPOS behind it and was public and which one was the attackers chain.
Assuming you are connected to several well known nodes in the network other than the timekeeper with cryptographic prevention of man in the middle, the probability of attack by timekeeper is 0 without collusion.
I get that. probability is very low. Probability must be weighed against consequences though. if probability is high and consequences are low risky behavior is okay. however with unknown consequences probability is a useless value. I would like to know the consequences should a very low probability event occur.
Consequences are one individual who is out of money and must take the Timekeeper to court for fraud. Timekeeper would be cut off from all business relationships in the community and labeled a scammer for life. Total amount lost? depends upon how rich you are and how rich the timekeeper is....
Like I said, probability is 0 and consequences are near 0 damage (to the network) and perhaps some damage to *ONE* individual for *ONE* transaction. In other words this is MUCH better than Bitcoin.
-
Probability of a double spend is so low that it is not even worth considering....
1) You would have to be doing business with the Timekeeper
2) The timekeeper would have to isolate you from the rest of the network
3) Given that everyone knows who the timekeeper is (likely a group of people) they would not get away with it...
4) As soon as the double spend was detected it would be very clear which chain had the most TaPOS behind it and was public and which one was the attackers chain.
Assuming you are connected to several well known nodes in the network other than the timekeeper with cryptographic prevention of man in the middle, the probability of attack by timekeeper is 0 without collusion.
I get that. probability is very low. Probability must be weighed against consequences though. if probability is high and consequences are low risky behavior is okay. however with unknown consequences probability is a useless value. I would like to know the consequences should a very low probability event occur.
Consequences are one individual who is out of money and must take the Timekeeper to court for fraud. Timekeeper would be cut off from all business relationships in the community and labeled a scammer for life. Total amount lost? depends upon how rich you are and how rich the timekeeper is....
Like I said, probability is 0 and consequences are near 0 damage (to the network) and perhaps some damage to *ONE* individual for *ONE* transaction. In other words this is MUCH better than Bitcoin.
I wholeheartedly agree that this is better than bitcoin. After all I wouldn't be moving my BTC reserves to PTS/AGS if I didn't agree. The product is of course very different than bitcoins product.
Is the network designed to rapidly resolve forks without damage to shareholders or transactors? What happens to the transactions on a fork with fewer CDD?
Following my prior analysis it seems to me that this recent modification of protocol is an attempt to reduce forks, which leads me to believe that forks would cause greater damage to the system than centralizing block creation.
In essence, while your security may be better than bitcoin, you are also attempting to do more than bitcoin. If you were attempting to provide a better payment system I would be sold, but with the real time trading of bitassets I've got to be more suspicious.
**edit** I'm also drunk and going to bed. If you take that as a judgment on my viewpoint I woulds ask that you take a long serious look at your motivations. If you take this as an excuse for any errors on my part, I would appreciate it. Good night.
-
Forks are a bigger problem for BTS X because of the built in market... forks must be avoided. Using the Timekeeper eliminates forks unless the Timekeeper is hacked... but TaPOS allows us to easily resolve forks in that instance. I was spending a lot of time trying to minimize forks... unfortunately, TaPOS takes longer to accomplish the task on its own than proof-of-work does.
For starters if the timekeeper were hacked and their keys stolen the timekeeper couldn't trick any nodes already connected to the network because they would immediately see the conflicting signature and adopt the new timekeeper (pre-arranged of course).
So a hack of the timekeeper would introduce the potential of a fork of 1 or 2 blocks at most before the blocks propagated and everyone recognized the attack had occurred.
-
Forks are a bigger problem for BTS X because of the built in market... forks must be avoided. Using the Timekeeper eliminates forks unless the Timekeeper is hacked... but TaPOS allows us to easily resolve forks in that instance. I was spending a lot of time trying to minimize forks... unfortunately, TaPOS takes longer to accomplish the task on its own than proof-of-work does.
For starters if the timekeeper were hacked and their keys stolen the timekeeper couldn't trick any nodes already connected to the network because they would immediately see the conflicting signature and adopt the new timekeeper (pre-arranged of course).
So a hack of the timekeeper would introduce the potential of a fork of 1 or 2 blocks at most before the blocks propagated and everyone recognized the attack had occurred.
what will happen on the transactions contained in that one or two blocks? get lost?
will the “timekeeper” also be implemented in other bitshares dacs?
how does everyone recongnize the attack? automattically by algorithm?
-
Recognized by algorithm.
Transactions will not get lost if they can be migrated.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
Assumptions:
With the shares system we have an easy way to vote on anything.
With the TaPOS system the transaction ledger becomes immutable automatically over time as the ledger is confirmed by everyone on the network.
Generating the next block should be as efficient as possible to maximize dividends.
Transaction validation should be as quick as possible.
Solution:
Shareholders vote (off chain) on a trustee.
Trustee generates blocks every 30 seconds (or at will..... no need to require any particular rate)
If trustee is compromised or shutdown, shareholders can elect a new trustee by broadcasting their vote.
Once a new trustee has 51% of the shareholders support the network continues.
As a trustee you cannot double spend (you will be caught and fired).
As a trustee you cannot perform Denial of Service without being caught and fired.
As a trustee you cannot be coerced without being let go.
As a shareholder this maximizes your value (dividends, transaction speed, no potential of forks).
A trustee is not a paid position and requires almost no resources to run. A trustee could even operate behind a tor node.
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
Bytemaster, it's a great idea, I like it very much, thank you!
-
Recognized by algorithm.
Transactions will not get lost if they can be migrated.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
For example, blocks 101 & 102 generated by A are recognized as 'illegal' blocks, then another timekeeper B is selected to take charge.
1. Are you confident enough to say the 'illegal' blocks can be recognized within several blocks ?
2. Will B start with block 100, then migrate the legal transactions contained in old 101 &102 to the new 101 &102 ?
3. What if B is also hacked or dishonest? Is the network/algorithm strong enough for the next timekeeper C to distinguish the legal transactions contained in the pre blocks 101 &102 generated by A and B since the chain has been forked twice.
-
Recognized by algorithm.
Transactions will not get lost if they can be migrated.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
For example, blocks 101 & 102 generated by A are recognized as 'illegal' blocks, then another timekeeper B is selected to take charge.
1. Are you confident enough to say the 'illegal' blocks can be recognized within several blocks ?
2. Will B start with block 100, then migrate the legal transactions contained in old 101 &102 to the new 101 &102 ?
3. What if B is also hacked or dishonest? Is the network/algorithm strong enough for the next timekeeper C to distinguish the legal transactions contained in the pre blocks 101 &102 generated by A and B since the chain has been forked twice.
A time keeper could make any choice he wanted... probably going with the first transactions he saw.
-
I still don't how exactly is the voting done. Is it like actually voting where some candidates make them known (in these forums, say), and we vote? If that is done, doesn't it make sense to start with I3 as the timekeeper anyways? I don't know anybody else but obviously trust I3.
-
It would be a nice touch to have a rotary-notary spanning 5 continents...
-
Recognized by algorithm.
Transactions will not get lost if they can be migrated.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
For example, blocks 101 & 102 generated by A are recognized as 'illegal' blocks, then another timekeeper B is selected to take charge.
1. Are you confident enough to say the 'illegal' blocks can be recognized within several blocks ?
2. Will B start with block 100, then migrate the legal transactions contained in old 101 &102 to the new 101 &102 ?
3. What if B is also hacked or dishonest? Is the network/algorithm strong enough for the next timekeeper C to distinguish the legal transactions contained in the pre blocks 101 &102 generated by A and B since the chain has been forked twice.
A time keeper could make any choice he wanted... probably going with the first transactions he saw.
Em.. I am confused. If the timekeeper could make any choice he wanted, doesn't it mean that the legal transactions in the illegal blocks get lost (if he abandons these blocks ), or the illegal transactions get confirmed (if he continues with that chain)?
-
I'd prefer to trust in my ability to protect my private key than to trust a trustee. A digital company shouldn't require any voting or representatives to vote on behalf of shareholders. Otherwise it defeats the purpose of calling it a DAC because it is no longer autonomous in the slightest sense because instead of the code taking care of that now we have to rely on people.
Agreed! Not to mention that any "voting" implies human agency as well as rapid and accurate dispersion of information, like we're all going to be sitting at our BitShares consoles all day, and browsing the BitShares forum all day, ready to change our vote if something bad happens, because the only way that we can be sure that something bad is happening would be to talk about it with others and see if they're seeing what we're seeing. And there's going to be plenty of potential for rumor-mongering, scare-mongering, and other kinds of Social Engineering. Not to mention just plain whining, "I submitted my transaction at 10:25 and it wasn't included in a block until 10:29, waaah waah, the trustee is blocking my transactions!"
With proof of stake your private key is your proof.
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
Do you mean private keys have to be risked with POS (forging) because they can not be used for forging when they are in cold storage?
They don't if you can sign for a delegate! Keep 90% in cold storage and have your 10% hot wallet sign for all of them. You could easily have revocation keys so you wouldn't have to take your shares out of cold storage to take away the voting power if your hot wallet is swiped.
I was thinking something similar. Why couldn't you link your address to another address that has zero coins assigned to it. You could then put your real wallet into cold storage and the empty wallet could provide security through POS. If someone hacks my PC they would only get my voting power, and only until I pulled my wallet out of cold storage and used it to sign a new block with a new link. Am I making sense? Could this work?
Yes, one of the coins (I forget which) has a "Savings Address" (like a Savings Account vs. a Checking Account) where the Savings Address transactions are recallable/cancelable for a certain amount of time, and transaction output must go to a certain address (the "Checking" address) and to no other. In this case, the Savings Address could assign its Stake-Days to the Checking Address, but the Savings coins themselves could be kept in a cold wallet.
I don't know that I completely understand the power that the trustee(s) have and what happens if all trustees colluded. But, I'm willing to reserve judgement if you think it's the best system and give it a shot.
I think that if the mechanisms are not well communicated there would be a lot of FUD that would affect initial demand/value.
A trustee is just a node that asserts it saw a block by signing it. It stops forks, but gives the power to stall the network OR perform a double-spend with cooperation of a large number of shares. They would get caught though, which is actually really important.
I think that some of the concern about forks is over-wrought. In traditional PoW coins like Bitcoin, the blocks themselves might be different, but the transactions in the blocks are largely the same. Most importantly, the ordering of transactions can never be switched because the inputs must be validated by the miner (and indeed, all nodes). If I've got 2 chained transactions A->B, B->C, both of those transactions can be included in the same block, or A->B in the first block, and B->C in the next, but never B->C then A->B because B will not have the input from A, and it will be rejected.
Without a trustee all other technical solutions are attempts to do the following:
1) Randomly select someone proportional to their stake in the system... they become 'trustee for a block'.
2) Pay / Punish this person for not producing a block.
As I have suggested in the past, the "Punish" option is not necessary: you could simply negate the "Stake-Day Destruction" that would have happened if they had won the block, so they can try again. The Stake-Days are only destroyed when a block is created with those coins, and the Stake is associated with the coins, not the address. In the imagined "send a large transaction from myself to myself in order to try for a PoS block" scenario, the same user ends up with the same stake as before, just in a different address. If they create a transaction with a large number of Stake-Days with one of the outputs being another user's address, the recipient will now hold the Stake (and they might end up being the miner of the new block, based on receiving that Stake).
As soon as you have this random selection you simultaneously open up the network for random attacks by anonymous parties. The sheer number of hypothetical attacks that are possible under these 'random selection' processes means that the network is likely less secure and predictable. All of a sudden people start mining blocks that exclude bids/asks to their benefit or to trigger margin calls. Put another way, randomly selecting people to produce blocks gets you 'average' performance and 'random' manipulation. Delegating through your proof of stake to a trustee maximizes the predictability and fairness of the chain.
This seems hand-wavey, is there an example of an attack which would work better on a bunch of random nodes than one one central, known node? (Even if they had backups and multiple network locations, that's still a much smaller number of targets than the potential entire network.)
Effectively 'delegation' using your stake is exactly what I am proposing. Person A delegates to person B, who in turn can delegate to person C. Eventually all of the delegates have to arrive at a 51% consensus on who produces the next block. If someone sets up some software in a 'set it and forget it' manner then the network is perfectly safe unless this person is attacked. If they are attacked then the network can quickly appoint (probably pre-arranged) the fallback.
At any time someone with stake can change who they delegate their vote to.
If we can stay objective here and identify what attack we are afraid of and define what we are attempting to defend against in the most clear way possible then we can find the best solution. Get to the *root* of the problem and solve that.
Without getting to the root we have solutions in search of problems and we end up paying for things that we do not need or even want (mining).
The problem with delegation chains is that we will end up with essentially the same situation as Bitcoin: a mining cabal of ~15 individuals who have accumulated power, and whose decisions can affect everybody. The "votes" will end up concentrated in the hands of a few individuals, who will all be well-informed and well-connected, but essentially you could end up with all kinds of bribery and corruption. Say we've got 2 main candidates for Trustee, at 52% and 48%; you know the guy with 48% will be lobbying all of the 5% holders to change their vote and make him the Trustee. Hell, the 5% guy may end up getting his jollies switching from one Trustee to the other with each block! And sure, eventually the people who had delegated their votes to the 5% guy will switch away, but they're probably not going to get any immediate signs that something's going wrong.
My hopes for BTS were not just about decentralization per se. They were about removal of trust from any individual, or group of individuals. Trust only the code, because you can read the code and bash the code and improve the code yourself. Now we have to trust some set of individuals to make the right decisions? That's BS. I mean hell, I'll just quote Stan's definition of a DAC:
Distributed Autonomous Corporations (DAC) run without any human involvement under the control of an incorruptible set of business rules. (That’s why they must be distributed and autonomous.) These rules are implemented as publicly auditable open source software distributed across the computers of their stakeholders.
(Emphasis added)
I know this was a long-ass post, I'm sorry but I wanted to get my thoughts out there. I'm not even done catching up on this thread but I've got to go. I have very serious concerns with this new direction. I know that I'm just one voice out of many, but hopefully some of my thoughts will make a difference.
-
The problem with delegation chains is that we will end up with essentially the same situation as Bitcoin: a mining cabal of ~15 individuals who have accumulated power, and whose decisions can affect everybody. The "votes" will end up concentrated in the hands of a few individuals, who will all be well-informed and well-connected, but essentially you could end up with all kinds of bribery and corruption. Say we've got 2 main candidates for Trustee, at 52% and 48%; you know the guy with 48% will be lobbying all of the 5% holders to change their vote and make him the Trustee. Hell, the 5% guy may end up getting his jollies switching from one Trustee to the other with each block! And sure, eventually the people who had delegated their votes to the 5% guy will switch away, but they're probably not going to get any immediate signs that something's going wrong.
I think it's a critical difference is that because stake-miners have no economies of scale there is no centralization of mining power per individual. Less opportunity for "cabals" to form because their is more fluidity at all level of the hierarchy.
Maybe you need to be able to use your vote *against* someone. Then the reddit hivemind can protect the network by downvoting bad trustees! =D
-
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
It seems to me that you are trying to solve a problem that the Bitcoin devs have not even implemented a solution for. (How to stop forks and the 51% attack)
I don't think security is a problem if the companies operating within the framework of the DAC double check their transactions manually.
Yes, a DDOS could still shut down the network for a while, so I guess you just have to buy some DDOS protection from an external source. Is this doable?
You want to remove mining from the equation? Why not just form a traditional corporation? It seems to me that is what you're getting at anyway. You already control the code, so you control everything anyway. How are you going to get people to devote their own computing resources to secure the blockchain?
I have a stake, so I want it to be done right, so take as long as you need to figure out how to implement Bitshares-X. You've already taken the snapshot, perhaps to stimulate interest and discussions like these, I don't know, but it seem to me that the plan for development and implementation of Bitshares-X has gone off on a dangerous tangent.
Am I right? Am I wrong? Am I partially wrong? Am I completely wrong?
The idea of Distributed Autonomous Applications/Companies/etc are important, I think, for the future and freedom of the internet. What are you doing to this end? Is hacking together a bunch of legal rules in a legal off-chain document going to serve this purpose? Does it even serve the purposes of the shareholders?
-
The result is like a 'constitutional company' where the laws are entirely defined in the constitution and the 'president' can be recalled at any time and has almost no power even when in office.
This same process can be used to resolve when a hard fork goes into effect.
Thoughts?
It seems to me that you are trying to solve a problem that the Bitcoin devs have not even implemented a solution for. (How to stop forks and the 51% attack)
I don't think security is a problem if the companies operating within the framework of the DAC double check their transactions manually.
Yes, a DDOS could still shut down the network for a while, so I guess you just have to buy some DDOS protection from an external source. Is this doable?
You want to remove mining from the equation? Why not just form a traditional corporation? It seems to me that is what you're getting at anyway. You already control the code, so you control everything anyway. How are you going to get people to devote their own computing resources to secure the blockchain?
I have a stake, so I want it to be done right, so take as long as you need to figure out how to implement Bitshares-X. You've already taken the snapshot, perhaps to stimulate interest and discussions like these, I don't know, but it seem to me that the plan for development and implementation of Bitshares-X has gone off on a dangerous tangent.
Am I right? Am I wrong? Am I partially wrong? Am I completely wrong?
The idea of Distributed Autonomous Applications/Companies/etc are important, I think, for the future and freedom of the internet. What are you doing to this end? Is hacking together a bunch of legal rules in a legal off-chain document going to serve this purpose? Does it even serve the purposes and interests of the shareholders?
-
It seems to me that you are trying to solve a problem that the Bitcoin devs have not even implemented a solution for. (How to stop forks and the 51% attack)
Yes, I am trying to solve a lot of problems Bitcoin hasn't solved.
Why not just form a traditional corporation?
Regulatory issues and that would be more centralized than I am suggesting. It would have so many problems I wouldn't know where to begin.
How are you going to get people to devote their own computing resources to secure the blockchain?
The network isn't secured by computing resources.
but it seem to me that the plan for development and implementation of Bitshares-X has gone off on a dangerous tangent.
I see this as no tangent, but critical to the design goals. Forks are more harmful (even short ones) for BTS X due to the market being built in.
The good news is that I have a proposal that is more decentralized than a single Notary and a similar level of decentralization as bitcoin.
-
First of all the largest shareholder in BTS systems has less than 10% and the remaining shares are divided among 1000s.
You have no way of knowing this, because you have no way of knowing the owners of the BTC and PTS addresses. Could be one guy with 1000s of addresses. Of course we can be pretty sure that it's more than one guy, just based on the people in this forum, but there could easily be far greater concentration than you are aware of at this moment.
Everyone participates in securing the network and making it immutable. No other system has this property of being immutable because it is always possible to mine longer alternative chains whether it is POS or POW. No other system has as every shareholder participating in the securing of the network and ultimately ratifying the ledger. You could say that TaPOS means that eventually every transaction is confirmed and ratified by 90% or more of the shareholders.
Mining a longer alternative chain in PoS would require very significant ownership in order of having a good chance of mining 2 or more blocks in a row. I'm pretty sure that it is way more than 51%. This is because stake is reset to 0 when a block is mined. If you have a large number of coins held by a single address, ok, that's a large stake, but it's all reset to 0 when a block is mined, so there is no chance for that address to mine the next block. If you have a large number of coins held by multiple addresses all owned by the same attacker, that's more possible, but because each of these will be reset to 0 each time, the number of blocks in a row that can be mined is very limited. Each address taking part in the attack will need to have more stake than the rest of the network combined. So the first address used in the attack will need to have 51% of all stake; the second address used in the attack will need 25%; the third address used in the attack will need 13%; and so on. So for an attack to be successful for one block, the attacker needs 51%; for two blocks, they will need 76%; for 3 blocks, they will need 89% of all stake. (Of course, this is different than owning 89% of all coins, but you get the idea.)
(Side note: It would be nice to have, somehow visible within the interface or on a website or whatever, a list of all current stake. That way we could see if stake is being built up somewhere.)
(As another thought about stake: How about making an increase in stake dependent on running a node? I don't think that this has been done before. Every block has a hash. Let's say the hash starts with ABC. Every node with address matching AxxxxxxBxxxxxxC (or some other formulation) must "check in" by sending a transaction to themselves to prove that they're connected. This transaction does not lose stake-days or coin-days, and in fact it is required in order for stake-days to be increased, which will be proportionate to the timestamp of the last block they had to "check in." If they do not "check in" within 10 blocks of the triggering block, their stake-days drops back to 0. This would prevent people from accumulating stake by simply keeping their coins dormant. In this way, NOBODY could ever accumulate significant amounts of stake; the top stakeholder would always be the most likely to produce the very next block, because they are verified connected to the network. Yes, this will require people to keep their wallets unlocked for staking. This is how all PoS coins currently work anyway. Perhaps an arrangement can be found with custodial addresses which can remain be unlocked and have 0 coins, but "manage" the stake for other addresses, at perhaps some loss to privacy.)
You could say no, they only need for each individual stake address to have more stake than any other individual address. So say that
the attacker has 5% stake in one address, 4% in another, 3% in another, 2% in another, and all individual addresses in the rest of the network only have 1% or less. The mining of a stake block is still a stochastic process. Having the largest stake does not mean that you are guaranteed the next block. The only way to guarantee it is to have 51% of all stake. (However, in the implementation of PoS that you had previously developed which depended upon transactions and coin-days-destroyed to determine who gets to mine the next block, I suppose the mining process is more deterministic. I can kind of see that you might have painted yourself into a corner by doing PoS-by-way-of-transactions instead of a more standard PoS implementation.)
There are two kinds of decentralization: power & redundancy.
Again, I would refer to the "autonomous" part of "DAC". "Autonomous" means "without human intervention". "Autonomous" means that I trust the code, not a person. I don't trust one copy of the code doing a particular thing (being the trustee/timekeeper/whatever), and my copy of the code doing something else (running a regular node); I trust that EVERYBODY has the same code and is doing the same thing. That's what Peer-to-Peer is all about. An at-least-nominally-equal playing field for every user. Now you're proposing to make some users "more equal than others". Not cool.
I touched on this last night, but I am really not seeing the "forks" problem. The fact is, most forks create blocks which contain the same transactions. As long as the transactions are recognized as valid by all nodes, a fork is not going to screw anything up.
I create a transaction. That transaction is passed to my peer nodes, who pass it to their peer nodes, etc. until it's propagated throughout the network. All nodes keep this transaction in their transaction memories, let's call this a TIM, Transaction-In-Memory. All nodes know about this transaction after a fairly short time and keep it in their TIM register. That is, until that transaction has been put into a block and that block has been confirmed by some number of blocks. If we are concerned about forks, we can make that number high, like 50 blocks for a transaction to fully confirm and it is removed from the memory of the nodes, and its place in the blockchain is solidified, so all references to that transaction now refer to the blockchain instead of the TIM.
Importantly, all nodes verify these transactions before they are added to the blockchain. In theory, any transaction which is not eligible to be placed in the blockchain will not be propagated at all. So again let's take a chained transaction pair, A->B and B->C. As long as A->B has propagated throughout the nodes and is held in the TIM registers of the nodes, all nodes will recognize B->C as a valid transaction, whether or not A->B has made it into the blockchain yet. If A attempts a double-spend and creates a second transaction A->D with the same inputs, all honest nodes will reject this transaction and not propagate it, because those inputs had already been used in the A->B transaction which already exists as a TIM.
Now what happens if A creates A->B and A->D simultaneously, and sends them to separate peer nodes, so A->B propagates through part of the network and A->D propagates through the rest of the network. So then you have half of the network saying that A->B is correct and rejecting A->D (and therefore accepting B->C since there are valid inputs into B), and the other half saying that A->D is correct and rejecting A->B (and therefore rejecting B->C).
Now, we have several ways to resolve this. The simplest one could simply be to see whichever one makes it into the blockchain first; if A->B happened to propagate first to the node that mines the next block, it will be included; and vice-versa with A->D. A somewhat more complicated but perhaps more honesty-enforcing way to deal with it would be for A->B and A->D (and any further transactions with the same inputs) to be immediately rejected (and kept in memory in a "rejected" list for a short while; perhaps A could be blacklisted as an attempted double-spender, at least for a few days). Remember, we know that A->B and A->D had to have both been initiated by A due to cryptographic signature, and any legit client software would not allow the double-spend to occur in the first place, so A would definitely be a bad actor in this case. Of course, there is always the chance that one of the two transactions would be put into a block first anyway, before the miner knows about the 2nd transaction.
The great thing about PoS mining is that 51% attacks are not possible without owning 51% of the stake; and the only real way for forks to matter is for somebody to be able to execute a 51% attack. (To refresh everyone's memory on a 51% attack: the attacker's (A) hashrate is faster than the rest of the network (B) combined. Therefore, they can produce blocks at a faster rate than the rest of the network combined. They propagate a transaction, A->C, on the B network, where it gets included in a block. C then believes that they have received payment from A. The B network can continue producing blocks and confirmations of the A->C transaction. C becomes more comfortable with the payment from A as the transaction gets confirmed multiple times. In the meantime, the A network is producing blocks faster than the B network, and keeping them hidden from the B network. The A network includes a transaction A->D, with the same inputs as A->C. At some point, once the A network has produced more blocks than the B network, the A network releases its produced blocks to the B network, and they must be accepted since the A blockchain is longer than the B blockchain. This new blockchain has A->D but does not have A->C. So C is out the coins that he thought that he had. This is a problem if, say, C is an exchange, and had credited those coins to A, who then traded them for other coins and withdrew them from the exchange, and then the exchange is left in the lurch because they are missing the coins they thought they received from A.)
-
The good news is that I have a proposal that is more decentralized than a single Notary and a similar level of decentralization as bitcoin.
Good to know. Hope your new proposal could get the community in line.
-
What separates bitshares DACs from other alt coins is that bitshares DACs are designed to be profitable. If using a metronode system means that transaction speed goes from 5 minutes to under 30 seconds, it becomes more attractive to traders. Faster transactions mean more transactions, and more transactions mean more dividends from fees.
-
What separates bitshares DACs from other alt coins is that bitshares DACs are designed to be profitable. If using a metronode system means that transaction speed goes from 5 minutes to under 30 seconds, it becomes more attractive to traders. Faster transactions mean more transactions, and more transactions mean more dividends from fees.
It also introduces numerous problem that have been listed above. I am admittedly not Bitshares-x target audience though. Bitshares seems to be much more decentralized than a standard (very centralized) exchange, with the same or similar abilities trade wise. An improvement for sure, but I would still prefer a pure POS solution. Even if it has slower transaction times, or I have to wait for confirmations.
It seems clear that Bytemaster has had a less centralized solution than a single metronome in mind all along, and has used the past few days to get us used to the idea of a single singing authority so that when he tells us there will actually be 8 and it will require a signature from at least 2 to form a block we will all be ecstatic.
None of this bothers me. What I really don't like is the introduction of politics into the mix. Its not the lack of decentralization. That is of course a relative term, and is only a means to an end. The end is the distribution of power. Lessening the abuses of authority.
Ultimately what we are trying to do here is to build systems that relies on the idea that even if I don't trust you, and you don't trust me, since we both trust the blockchain we have a mutual point of agreement, and a basis for doing business. I can trust the blockchain because I can read the source code and compile it myself. (It would admittedly take me awhile, my c++ is quite rusty, and I would have to trust some of the cryptography sections unless I wanted to spend some serious time digging in) Alternately I could pay someone I trust to check this for me. Adding a human element (voting, metronomes) seems to weaken this. You're adding an unknown to the mix; human action.
Of course I know human action plays a part in the way a POW or POS system works. I also know that all other individuals will be doing what they believe to be in their own self interest. Whether those interests are moral, monetary, or physical, increasing the distribution of block singing power makes its much harder to apply the pressure needed to make those individuals act against their financial self interest in the dac. Or more accurately stated it requires much more pressure applied much more widely.
As always I had plenty more to say, but lack the time and patience to attempt to make it understandable.
-
I want to make one thing clear, I do not attempt to manipulate public opinion as suggested above by introducing something very centralized so my slightly more decentralized solution will be selected. If I were any other man I might be offended by such insinuation.
My real challenge here is that I know several things for certain:
1) Proof of Work is not just unprofitable, it results in the worst kind of centralization and control.
2) Proof of Stake systems are more experimental and only Nxt has a pure proof-of-stake system.
3) Ripple is a form of consensus where you trust a set of nodes not to collude, but where growing this set of nodes from 5 nodes all controlled by Ripple to 1000's of nodes in a manner that doesn't fork the network is an unresolved issue. Effectively Ripple is a club that gradually adds members and these members collectively agree to reach consensus. Ripple uses a complex algorithm for this club and if the core members of the club go one way then the shareholders (XRP) have no say.
So I am sitting here trying to innovate solutions that are better than everything that has gone before and this involves deep thought about the nature of the problem, the risks involved, etc. Fortunately the DAC metaphor gives us the answers we need.
1) We want to give shareholders a way to delegate their vote to a key that doesn't control their coins 'so they can mine'.
2) We want to maximize the dividends shareholders earn
3) We want to minimize the amount we must pay people to secure the network.
4) We want to maximize the performance of the network
5) We want to minimize the cost of running the network (bandwidth / CPU / etc)
So the key is that the shareholders remain in control. If they remain in control then it is decentralized and as much as I hate voting on anything, when it comes to shared ownership of something like a company it is the only viable way. Fortunately if you do not like who is running the company you can sell and this market feedback causes shareholders to vote more rationally than citizens.
So every shareholder gets to vote for someone to sign blocks in their stead (a representative if you will). Anyone who can gain 5% or more of the votes can join the board. No representative may have more than 20% of the delegated votes. The representatives become a "board of directors" which take turns in a round-robin manner signing blocks. If one of the directors misses their turn clients will automatically switch their vote away from them and eventually they will be voted off the board and someone else will join the board.
So how is this different than Bitcoin? In bitcoin the users must pick a mining pool and each pool generally has 10% or more of the hash power. The operator of these pools is like a representative of the clients pointed at the pool. Bitcoin expects the users to switch pools to keep power from becoming too centralized, but collectively 5 major pools control the network and manual user intervention is expected if one of the pools is compromised. If a pool goes down then the block production rate slows proportionally until it comes back up. Which pool one mines in becomes a matter of politics.
Therefore, I am expecting the same kind of behavior from users of BTS X except instead of having to point their hashing power at a pool, they merely change a setting in their wallet. This setting can even be setup with a chain of command so that users do not have to think much about it. Instead of only miners voting, everyone can vote. Like bitcoin, if a representative goes down, block production will slow by a proportional amount until the representative comes back on line or users vote them out of office automatically.
The reason to avoid randomly selecting the representative from all users is the following:
1) high probability they are not online
2) attackers would gain control proportional to their stake without any peer review...
3) without any mining at all, the generation of a random number in a decentralized manner is impossible and thus an attacker could control the random number generation.
The benefits of the representative approach is that:
1) After fewer than 20 blocks ( 10 minutes or less ) almost everyone has indirectly ratified the block-chain through their representative in an immutable way.
2) block production can be much faster
3) no one can prevent transactions from getting included in the chain for more than 10 minutes... compared to bitcoin this is HUGE.
So from the perspective of decentralization I believe I have a design which achieves more than Bitcoin, Nxt, or Peercoin can hope to achieve with a much higher level of security in a much more rapid manner than previously possible.
-
+1
I kept coming to either TAPOS with stakeholder-elected nodes for either Ripple-like or NXT-like block production. I was leaning towards Ripple (see unity+tapos post) because I thought getting to pick transactions for your block if there is a market is a no-no? Think they would just get caught and get fired?
-
+1
I kept coming to either TAPOS with stakeholder-elected nodes for either Ripple-like or NXT-like block production. I was leaning towards Ripple (see unity+tapos post) because I thought getting to pick transactions for your block if there is a market is a no-no? Think they would just get caught and get fired?
Yes... manipulation would be statistically detectable and they would get fired. The amount of manipulation would be very small and any profits earned would just be part of the cost of doing business.
-
Not being a programmer, I'm unfamiliar with the 'job description' of a representative of a mining pool; and extrapolating - to the theoretical "knights of the round table" of BitShares. 8)
Out of pure curiosity - what is that user experience like for approving a block with current mining pools? What would it be like for BitShares X? ...What would keep someone from writing a software program to approve the block automatically if they are AFK? If this were possible - would it create [unidentified by the network] false trust in the board members?
-
Not being a programmer, I'm unfamiliar with the 'job description' of a representative of a mining pool; and extrapolating - to the theoretical "knights of the round table" of BitShares. 8)
Out of pure curiosity - what is that user experience like for approving a block with current mining pools? What would it be like for BitShares X? ...What would keep someone from writing a software program to approve the block automatically if they are AFK? If this were possible - would it create [unidentified by the network] false trust in the board members?
For starters, this is all entirely automatic. In the case of BitShares X there is a system preferences setting with sane defaults and the user can change the setting if they know what they are doing. Any time the user makes a transaction these setting will automatically be respected. If the software detects one of the directors is misbehaving then the user interface will show a warning to the user. The user can then change their settings and either wait until the next time they make a transaction or make a transaction immediately. Whether they pay a fee to change their vote immediately or wait to piggy back on a normal transaction will depend upon the severity of the behavior. In any case, immediate user intervention is not necessary.
In the case of Bitcoin, a director must setup and maintain a mining pool infrastructure. They are subject to DDOS attacks because their servers are public, and they can be shutdown by governments. Users must first detect that their miners are off line (view a warning) and then point them at a new pool. Often miners are setup with an automatic failover pool. Most miners do not audit the blocks being produced by the pool they are on. In fact, as we experienced with ypool not including transactions in PTS blocks, most miners don't even care what the pool operator is doing so long as they get paid.
Shareholders on the other hand care if their delegate isn't producing blocks or including transactions because it will affect their dividend payments and share valuation.
-
Why do you need 'blocks' as such for transactions in this kind of scheme? When you send a transaction, it can get signed by 2-3 'metronodes' and then it is accepted by the network. This will also make transactions near instantaneous, limited only by speed of network propagation.
Might not be for this, but in future it will be interesting if we get some 'on-demand' chain instead of a blockchain.
-
Well, this round-robin "Board of Directors" does sound better than a single "Trustee"/"Timekeeper", but the move away from some sort of PoS implementation leaves me much less comfortable with BitShares. I have refined some of the ideas that I've come up with and posted on this board earlier, and created a proposal for a new implementation of Proof-of-Stake with Proof-of-Connection. I think that it fixes many of the issues that current PoS coins have. I have recently posted this to both bitcointalk and peercointalk forums. This will be my last attempt to convince you to go with PoS. I believe that you, Dan, have the ability to implement this better than anybody else could. This proposal has the benefit of being compatible with TaPoS, and I believe that it is novel.
There are two parts to this proposal: Stake-Days (and Stake-Days Destroyed) and Proof-of-Connection.
Stake-Days are the rough analogue of Coin-Days. As Stake-Days go up, PoS mining difficulty goes down. If I hold 30 coins for 30 days, my Stake-Days are equal to 900. This is the equivalent of somebody with 900 coins holding them for 1 day. The key part is this: My Stake-Days only drop back to 0 when I actually mine a block with that stake. Since Stake-Days are only reset to 0 when a block is mined, they can be transferred from one address to another without being reset. The stake travels along with the coins (and can probably be additive within a given address, although this may make things too complicated). If I receive coins from you, and your coins have Stake-Days built up, I receive that stake when I receive the coins, and my chances of mining a block with that stake are just as high as they were when you held that stake. (So sending a transaction from one of your own addresses, to another of your own addresses, if you were vying for a block in TaPoS, would NOT destroy your Stake-Days. You could simply try again with the next block.) Proof-of-Stake mining still remains a stochastic process, but every address has its own difficulty level based on the stake associated with that address.
Now for Proof-of-Connection. A big problem with existing PoS coins (and indeed, PoW coins) is that nobody is incentivized to run a full node. With (say) PeerCoin, if I have low stake and little chance of mining a PoS block, I can turn off my PeerCoin client and leave it off for a month or three while my stake continues to build. I am not helping to secure the network or propagate transactions when my node is turned off.
So there needs to be a way to make stake dependent on running a node continuously. The proposed mechanism for this is as follows: Every block has a hash. Let's say the hash for a given block starts with ABC. Once this block is created, every address matching AxxxxxxBxxxxxxC (or some other formulation; this is just an example) must "check in" by sending a transaction to themselves to prove that they're connected. These Proof-of-Connection transactions will be included in the next mined blocks. This transaction does not lose Stake-Days or Coin-Days. If this Proof-of-Connection transaction does not appear in a block within X blocks (perhaps 30 minutes' worth?) of the triggering block, their Stake-Days drops back to 0. This would prevent people from accumulating stake by simply keeping their coins dormant.
The parameters could be chosen to try different lengths of expected-time-to-check-in, which would also be dependent on the block production rate. I would suggest a target of something between 6 and 24 hours, although given the random nature of this process, and in the interest of having smaller blocks, perhaps longer times could be used. On a coin with fast blocks, maybe 2 or 3 bytes would be required to match; on a coin with slow blocks, just 1 or 2. Of course, full bytes would not necessarily be required; it could be a bitwise match of a certain number of arbitrary bits from the hash of a block, matched with arbitrary bits from the coin address. Full bytes just make it easier to understand.
The Proof-of-Connection transactions will include the hash of the entire blockchain up to and including triggering block, signed with the address's private key, in order to tie the PoC transaction with the block that triggered it and also to prove that the address is running a full node. Due to the random nature of this process, all stakeholders will be incentivized to keep their nodes up and running all the time. If they want to shut down for a few days, they will simply not earn stake during that time.
-
Why do you need 'blocks' as such for transactions in this kind of scheme? When you send a transaction, it can get signed by 2-3 'metronodes' and then it is accepted by the network. This will also make transactions near instantaneous, limited only by speed of network propagation.
Might not be for this, but in future it will be interesting if we get some 'on-demand' chain instead of a blockchain.
Because each block is proven with a hash. You can prove all of the transactions in the block by proving the block. Each block also proves the prior blocks in the chain. An atomic transaction system that still uses a chain-like structure like you propose would require each transaction to be rather large.
-
Why do you need 'blocks' as such for transactions in this kind of scheme? When you send a transaction, it can get signed by 2-3 'metronodes' and then it is accepted by the network. This will also make transactions near instantaneous, limited only by speed of network propagation.
Might not be for this, but in future it will be interesting if we get some 'on-demand' chain instead of a blockchain.
Because each block is proven with a hash. You can prove all of the transactions in the block by proving the block. Each block also proves the prior blocks in the chain. An atomic transaction system that still uses a chain-like structure like you propose would require each transaction to be rather large.
Also that would be putting too much power in the nodes. They only have veto power, they do not have the power to declare it valid. All nodes on the network perform this function are reject any block signed by a director that violates the articles of incorporation of the DAC.
-
Well, this round-robin "Board of Directors" does sound better than a single "Trustee"/"Timekeeper", but the move away from some sort of PoS implementation leaves me much less comfortable with BitShares. I have refined some of the ideas that I've come up with and posted on this board earlie
Define PoS... I have kept the spirit of PoS and added a simple delegation... it is like mining pools without the barriers to entry or the risk of trusting your coins to someone else.
I reviewed the rest of your proposal and find it very interesting but still suspect that is suffers one of the biggest problems to overcome: it is too complex to analyze all potential attacks. It also suffers from the fact that it is more costly (bandwidth, blockchain size) due to the overhead of proof-of-connection and these costs make it less competitive.
I think the key is to remove the randomness from the equation and increase the size of the board of directors until you are sure it is decentralized enough. One though on increasing the size of the BOD is to have every BOD member post collateral equal to the earnings from 100 blocks. If they fail to produce a block on schedule or voluntarily resign with enough notice then they lose 100 blocks worth of pay. With this setup you could increase the size of the BOD to a minimum 1% of the votes. You also cause anyone running for a BOD position to promise better than 99% uptime or they will lose money. If you do this though then the round-robin technique would have to be adjusted to be proportional to the number of votes you have. I may have to make it proportional anyway so that shareholders are fairly represented... but perhaps by not making it proportional shareholders will be encouraged to diversify who they support least they reduce their influence.
-
Well, this round-robin "Board of Directors" does sound better than a single "Trustee"/"Timekeeper", but the move away from some sort of PoS implementation leaves me much less comfortable with BitShares. I have refined some of the ideas that I've come up with and posted on this board earlie
Define PoS... I have kept the spirit of PoS and added a simple delegation... it is like mining pools without the barriers to entry or the risk of trusting your coins to someone else.
I reviewed the rest of your proposal and find it very interesting but still suspect that is suffers one of the biggest problems to overcome: it is too complex to analyze all potential attacks. It also suffers from the fact that it is more costly (bandwidth, blockchain size) due to the overhead of proof-of-connection and these costs make it less competitive.
I think the key is to remove the randomness from the equation and increase the size of the board of directors until you are sure it is decentralized enough. One though on increasing the size of the BOD is to have every BOD member post collateral equal to the earnings from 100 blocks. If they fail to produce a block on schedule or voluntarily resign with enough notice then they lose 100 blocks worth of pay. With this setup you could increase the size of the BOD to a minimum 1% of the votes. You also cause anyone running for a BOD position to promise better than 99% uptime or they will lose money. If you do this though then the round-robin technique would have to be adjusted to be proportional to the number of votes you have. I may have to make it proportional anyway so that shareholders are fairly represented... but perhaps by not making it proportional shareholders will be encouraged to diversify who they support least they reduce their influence.
Well, with each addition to the # of directors, this gets more and more palatable to me, but still it feels like an awful compromise compared to a pure PoS implementation. I agree with the "Is it better than Bitcoin?" test is a good one, but at the same time, it's a low bar to pass. You had a good idea with TaPoS, and stake being implemented as destruction of transaction fees. I believe in you and your ability to brain-muscle your way through the various problems with PoS. I think you're one of the few people in the world who could get it right. I hope that, at least, once you get done with BitShares implemented as a BoD, and a bunch of DACs are up and running successfully, you turn your mind toward the PoS problem once again.
You are right, of course; the attack vectors for PoS are numerous, but I think the attacks will only get more concentrated/powerful/sustained by selecting certain nodes to act as Directors.
How will the "campaigning" work? How will the voting work? How will I verify that my chosen Director is fulfilling his duties? Will any of this take place on a sideband, such as this forum? I do like the idea of thinking of the Directors like a "pool" which is competing for miners.
I think the voting should not require a minimum % needed, no maximum % cap; instead, the top 100 (or 50, or whatever; perhaps it should scale to the # of votes in the system? 5k votes = 10 Directors, 50k votes = 100? Something like that) vote-getters will always be Directors, and blocks will be randomly round-robin'd based on the hash of the previous block. First 2 digits found in the hash, determine the director. a0jEdoKf0 = director #00, rQ3k4pR5 = director #34, etc. Director #00 = top vote-getter, and so on.
-
The problem with random round robin, is that a director could become a dictator with just a tad bit of mining to select himself again. Though I suppose you could set it up so that you are out of the running if you have been selected in the past 10 blocks....
-
The problem with random round robin, is that a director could become a dictator with just a tad bit of mining to select himself again. Though I suppose you could set it up so that you are out of the running if you have been selected in the past 10 blocks....
You're right, I forgot this mining isn't hard, so it wouldn't be hard to brute-force the desired hashes.
Maybe make it so that any director can never mine more than 2 blocks in a row. If the hash comes up to the same director, move on to the next 2 digits in the hash.
Well, no, there's a problem with that too. A cabal of Directors could come up with hashes that would only pass it around within their group. And this would be possible for a cabal of any size; if we implemented the "past 10 blocks" rule, then a cabal of 11 Directors could hold the chain indefinitely. Hmmm....
Ok, how's this: Random round-robin, but nobody can have a turn before everybody else has had a turn, and no back-to-back blocks for any Director (in case they happen to be the last block of one round, they can't be the first block of the next round).
I just don't want there to be a pre-determined flow of blocks from one to the next Director. Then a set of, say, a given 3 directors would always be mining 3 blocks in a row, and they could collude to allow a double-spend or something.
-
The problem with random round robin, is that a director could become a dictator with just a tad bit of mining to select himself again. Though I suppose you could set it up so that you are out of the running if you have been selected in the past 10 blocks....
You're right, I forgot this mining isn't hard, so it wouldn't be hard to brute-force the desired hashes.
Maybe make it so that any director can never mine more than 2 blocks in a row. If the hash comes up to the same director, move on to the next 2 digits in the hash.
Well, no, there's a problem with that too. A cabal of Directors could come up with hashes that would only pass it around within their group. And this would be possible for a cabal of any size; if we implemented the "past 10 blocks" rule, then a cabal of 11 Directors could hold the chain indefinitely. Hmmm....
Ok, how's this: Random round-robin, but nobody can have a turn before everybody else has had a turn, and no back-to-back blocks for any Director (in case they happen to be the last block of one round, they can't be the first block of the next round).
I just don't want there to be a pre-determined flow of blocks from one to the next Director. Then a set of, say, a given 3 directors would always be mining 3 blocks in a row, and they could collude to allow a double-spend or something.
Considering the increase in the block rate, the certainty of being fired, and the fact that no other peers would (or other directors) would honor blocks produced late I don't think a double spend is possible under any circumstances except the complete isolation of a single user. If you want to be 'certain' that your block is confirmed simply wait for the majority of the directors to confirm it. You could have 20 directors confirm it in the time it takes Bitcoin to confirm a single block. These 20 directors would likely represent the stake of 51% of the network or more.
-
Hate to be rude, but is there any way to supply a TL:Dr?
I think that human beings can secure the network instead of miners.
Is that the main idea?
-
I started a new thread that includes just what people need to know based upon the results of this discussion.
By the way I want to thank the community for helping me brainstorm and not jumping on me. I can tell you all are getting to know me and learning that I am very open with ideas and willing to change from bad ones.
-
I started a new thread that includes just what people need to know based upon the results of this discussion.
By the way I want to thank the community for helping me brainstorm and not jumping on me. I can tell you all are getting to know me and learning that I am very open with ideas and willing to change from bad ones.
Ok, thanks.
I wanted to say, that I did TRY t read it a few times before asking.
I think I am missing some technical knowledge.
Thanks for making a new thread.
Sent using Tapatalk
-
Do you plan on implementing TaPoS later in a different system; maybe some DAC, PTS/AGS or even an altcoin? It would be a shame if this goes unused.
If you later transform PTS (and maybe AGS too) into a TaPoS currency with fast blocktimes (30 sec?), it can be used as a viable currency, which actually has some inherent value (instead of just speculative value). Of course, snapshots decrease the value, but after a certain time we would expect there will DACs being launched left, right and center and so price variation will be less bumpy (besides if you 'hoard' PTS you will get the new DACs anyways and so will not actually lose money).
When Nxt exchange starts working it will be interesting to see if they face any challenges regarding transparent forging. If I understand correctly, Bitshares Me would be a somewhat similar (at least a direct competitor).
-
Do you plan on implementing TaPoS later in a different system; maybe some DAC, PTS/AGS or even an altcoin? It would be a shame if this goes unused.
If you later transform PTS (and maybe AGS too) into a TaPoS currency with fast blocktimes (30 sec?), it can be used as a viable currency, which actually has some inherent value (instead of just speculative value). Of course, snapshots decrease the value, but after a certain time we would expect there will DACs being launched left, right and center and so price variation will be less bumpy (besides if you 'hoard' PTS you will get the new DACs anyways and so will not actually lose money).
When Nxt exchange starts working it will be interesting to see if they face any challenges regarding transparent forging. If I understand correctly, Bitshares Me would be a somewhat similar (at least a direct competitor).
TaPOS is implemented as part of the board system, though I suspect that it may be overkill and redundant.
-
I started a new thread that includes just what people need to know based upon the results of this discussion.
By the way I want to thank the community for helping me brainstorm and not jumping on me. I can tell you all are getting to know me and learning that I am very open with ideas and willing to change from bad ones.
I really appreciate that you vet ideas here openly. That's not easy. I also support your constant efforts in iterating, revising, and growing your ideas. The transparency time and time again is what keeps me here.
Keep on keeping on!
-
I want to make one thing clear, I do not attempt to manipulate public opinion as suggested above by introducing something very centralized so my slightly more decentralized solution will be selected. If I were any other man I might be offended by such insinuation.
My real challenge here is that I know several things for certain:
1) Proof of Work is not just unprofitable, it results in the worst kind of centralization and control.
2) Proof of Stake systems are more experimental and only Nxt has a pure proof-of-stake system.
3) Ripple is a form of consensus where you trust a set of nodes not to collude, but where growing this set of nodes from 5 nodes all controlled by Ripple to 1000's of nodes in a manner that doesn't fork the network is an unresolved issue. Effectively Ripple is a club that gradually adds members and these members collectively agree to reach consensus. Ripple uses a complex algorithm for this club and if the core members of the club go one way then the shareholders (XRP) have no say.
So I am sitting here trying to innovate solutions that are better than everything that has gone before and this involves deep thought about the nature of the problem, the risks involved, etc. Fortunately the DAC metaphor gives us the answers we need.
1) We want to give shareholders a way to delegate their vote to a key that doesn't control their coins 'so they can mine'.
2) We want to maximize the dividends shareholders earn
3) We want to minimize the amount we must pay people to secure the network.
4) We want to maximize the performance of the network
5) We want to minimize the cost of running the network (bandwidth / CPU / etc)
So the key is that the shareholders remain in control. If they remain in control then it is decentralized and as much as I hate voting on anything, when it comes to shared ownership of something like a company it is the only viable way. Fortunately if you do not like who is running the company you can sell and this market feedback causes shareholders to vote more rationally than citizens.
So every shareholder gets to vote for someone to sign blocks in their stead (a representative if you will). Anyone who can gain 5% or more of the votes can join the board. No representative may have more than 20% of the delegated votes. The representatives become a "board of directors" which take turns in a round-robin manner signing blocks. If one of the directors misses their turn clients will automatically switch their vote away from them and eventually they will be voted off the board and someone else will join the board.
So how is this different than Bitcoin? In bitcoin the users must pick a mining pool and each pool generally has 10% or more of the hash power. The operator of these pools is like a representative of the clients pointed at the pool. Bitcoin expects the users to switch pools to keep power from becoming too centralized, but collectively 5 major pools control the network and manual user intervention is expected if one of the pools is compromised. If a pool goes down then the block production rate slows proportionally until it comes back up. Which pool one mines in becomes a matter of politics.
Therefore, I am expecting the same kind of behavior from users of BTS X except instead of having to point their hashing power at a pool, they merely change a setting in their wallet. This setting can even be setup with a chain of command so that users do not have to think much about it. Instead of only miners voting, everyone can vote. Like bitcoin, if a representative goes down, block production will slow by a proportional amount until the representative comes back on line or users vote them out of office automatically.
The reason to avoid randomly selecting the representative from all users is the following:
1) high probability they are not online
2) attackers would gain control proportional to their stake without any peer review...
3) without any mining at all, the generation of a random number in a decentralized manner is impossible and thus an attacker could control the random number generation.
The benefits of the representative approach is that:
1) After fewer than 20 blocks ( 10 minutes or less ) almost everyone has indirectly ratified the block-chain through their representative in an immutable way.
2) block production can be much faster
3) no one can prevent transactions from getting included in the chain for more than 10 minutes... compared to bitcoin this is HUGE.
So from the perspective of decentralization I believe I have a design which achieves more than Bitcoin, Nxt, or Peercoin can hope to achieve with a much higher level of security in a much more rapid manner than previously possible.
I think you are onto something here and I now have hope that you can solve what seems to be the impossible problem. Solve this problem and Bitshares without a doubt will be the best technology today.
-
What separates bitshares DACs from other alt coins is that bitshares DACs are designed to be profitable. If using a metronode system means that transaction speed goes from 5 minutes to under 30 seconds, it becomes more attractive to traders. Faster transactions mean more transactions, and more transactions mean more dividends from fees.
+5%
-
I don't think there is any gray area when it comes to decentralization. Either you are, or you are not. There is no partial compromise. Since most people will be operating within the borders of existing government laws, true decentralization wil never be achieved. You must do what you think is best.
Granted, one finds pure decentralization and pure laissez faire nowhere in the world. However, there are shades of centralization.
By embracing the model of a protector trust, Bytemaster is embracing an existing set of traditions that works remarkably well in the real world for people who benefit from real wealth.
Count me among those who are comfortable with doing what is known, but much more efficiently, and not letting the perfect be the enemy of the good-enough.
-
Can we get a summary of the newest way the trustee functionality will operate?
Having not read all the previous pages, it seems having 51% vote would be somewhat unstable. MemoryCoin voting didn't work out so well .. and what happens in the event of rapid trustee changes at a 51/49 split? Couldn't votes flip-flop rather quickly leaving the system unstable during transition?
-
See new thread on board if directors vs mining pool opps
Sent from my iPhone using Tapatalk (http://tapatalk.com/m?id=1)
-
Well, this round-robin "Board of Directors" does sound better than a single "Trustee"/"Timekeeper", but the move away from some sort of PoS implementation leaves me much less comfortable with BitShares. I have refined some of the ideas that I've come up with and posted on this board earlie
Define PoS... I have kept the spirit of PoS and added a simple delegation... it is like mining pools without the barriers to entry or the risk of trusting your coins to someone else.
I reviewed the rest of your proposal and find it very interesting but still suspect that is suffers one of the biggest problems to overcome: it is too complex to analyze all potential attacks. It also suffers from the fact that it is more costly (bandwidth, blockchain size) due to the overhead of proof-of-connection and these costs make it less competitive.
I think the key is to remove the randomness from the equation and increase the size of the board of directors until you are sure it is decentralized enough. One though on increasing the size of the BOD is to have every BOD member post collateral equal to the earnings from 100 blocks. If they fail to produce a block on schedule or voluntarily resign with enough notice then they lose 100 blocks worth of pay. With this setup you could increase the size of the BOD to a minimum 1% of the votes. You also cause anyone running for a BOD position to promise better than 99% uptime or they will lose money. If you do this though then the round-robin technique would have to be adjusted to be proportional to the number of votes you have. I may have to make it proportional anyway so that shareholders are fairly represented... but perhaps by not making it proportional shareholders will be encouraged to diversify who they support least they reduce their influence.
...I believe in you and your ability to brain-muscle your way through the various problems with PoS. I think you're one of the few people in the world who could get it right. ...
I agree with this!
+5%
From what I can understand, the overall idea is a good compromise significally improving the speed/usability of the application.
-
I don't think centralization is a good idea.
The cryptocurrency grave yard is littered with centralized schemes. Make no mistake that there is enough pressure already IMO on I3 to be indicted for securities violations, whether that is the case will be up to a court to decide. You have taken steps to stop the regulators from stopping your work, but they can arrest you and accuse you at any time. They know they have a better than 80% chance to get a conviction at trial, just because of the psychology of an authority saying you did something wrong. I can deal with that element of centralization, but just barely.
I think that any trustee that reveals their identity and lives in a country with strong financial regulations, such as the US, will go to jail for operating with out a license, selling securities with out a license, conspiracy to commit security fraud, money transmission without a licence, running a money services business without a license, the litany of charges will go on forever in some cases.
This will basically only leave trustees in countries where regulations are lax to operate the trustee scheme. This type of system will ensure that wall street and most of main street will not participate. This is bad for my and others' investment in PTS,AGS, and BTS. I will not participate in such a scheme, I believe the only reason that Bitcoin is any different than any prior is because of the blockchain decentralization invention. You are literally taking the greatest invention of the century and throwing it out the window for centralized control. Make no mistake you are taking a step backward.
If you are serious about this thing you have created, you would spend the time to do it right. Satoshi took years crafting his system, you can't take a few extra months?
This is something which could happen but how likely is it to happen? Bitshares aren't securities anymore than objects in WoW are securities. That isn't to say there wont be regulation, but if they were to target that it would be seen as petty. It's similar to gambling sites.
From wiki:
A security is a tradable asset of any kind.[1] Securities are broadly categorized into:
debt securities (such as banknotes, bonds and debentures),
equity securities, e.g., common stocks; and,
derivative contracts, such as forwards, futures, options and swaps.
The company or other entity issuing the security is called the issuer.
Your selling a derivative, your calling it bitUSD, bitEUR, bitBTC, it's a security to the SEC. The SEC will try to enforce this, they have no desire to see this project come to pass. The more decentralized the better. It is in the best interest of the project to consider the issue. The only reason that the SEC has not cracked down on Bitcoin is because it stands by it self in a category not classified here.
Bitshares on the other hand, is using "marketing terms" such as the word "shares" and "Exchange" which imply a security, its trading consists of elements directly in conflict with the above definition, that being debt security in the form of bitUSD and it sells derivative contracts on those debt securities.
The best way to deal with the SEC is to assume they will take the least favorable side you can imagine. They often do.
BitUSD isn't an actual derivative. It's not any more a derivative than a poker chip is a derivative. How is it that poker chips are consider poker chips but BitUSD is considered a derivative? And if both are digital, and no contracts are used to guarantee it, I don't see where the SEC or the law has any say in something which is entirely virtual.
If a legal contract is written or if someone tries to redeem BitUSD for real USD then you might have a point. BitUSD isn't USD in anything other than name though. It's not an actual contract.
I'm not a lawyer, I'm just giving my interpretation.
"The SEC will try to enforce this, they have no desire to see this project come to pass."
If Bitcoin is not a currency, and if Bitcoin is not a stock, what gives the SEC any authority over it? It's digital property from what the IRS says. If Bitshares isn't an actual stock backed by an actual company then what business does the SEC have in this space?
Is the SEC going after Second Life next? How much authority do they have? Will they go after people using poker chips and monopoly money too? I'm not saying they cannot interpret the law in a way to try and stretch their power, I'm making a point that it's wrong for them to do it.
They are the securities and exchange commission while Bitshares is more like a gambling program that people run to bet on stuff. It's not real money and the only way I could see them making it into something real would be if it centralized around Invictus. Invictus actually was a corporation so that is one area they might try to use.
You've highlighted a legitimate problem with the trustee scheme though. It will make regulators want to find the trustee and go after whoever is in that position and that is why I said it was a risk to be the trustee.
If there must be a trustee in my opinion the best way to do it is to put a public face on Bitshares and let someone be a public trustee. No anonymous trustee, no hiding, no trying to be sneaky, all of that will attract regulators like a magnet. If the trustee is public and willing to go to jail or court to defend Bitshares that actually would look better politically.
I don't think people in the United States would like to see innocent people being put in jail for inventing new technologies. If the United States is willing to do that then it may change the culture of Silicon Valley.
"BTCST, formerly known as First Pirate Savings & Trust, is an unincorporated
entity with no brick and mortar presence. The BTCST investments Defendants offered and sold to the investing public as alleged herein constitute “securities” as defined by Section 2(a)(1) of the Securities Act [15 U.S.C. § 77b(a)(1)] and Section 3(a)(10) of the Exchange Act [15 U.S.C. § "
"Any investment in securities in the United states remains subject to the jurisdiction of the SEC regardless of whether the investment is made in U.S. dollars or a virtual currency. In particular, individuals selling investments are typically subject to federal or state licensing requirements."
https://www.sec.gov/litigation/complaints/2013/comp-pr2013-132.pdf
Oh believe me, BitUSD is no poker chip. It will compele head-to-head with USD, which is the success thatwe are striving for. And there will be companys' stock issed on Bitshres ME. I have to agree with cryptosig that the only reason they have not tackled Bitcoin is because they are not able to. By "they", I mean governments/central banks. So be as decentralized as possible.
Sent from my iPad using Tapatalk (http://tapatalk.com/m?id=1)
-
Dan, I support you ;)
-
Dan, I support you ;)
bytemaster, enough with the alias new accounts :D
-
Dan, I support you ;)
bytemaster, enough with the alias new accounts :D
(http://toomuchfire.files.wordpress.com/2011/10/oj.jpg)