Quote from: bytemaster on February 03, 2015, 03:23:05 pm

Lastly if it is clear there is an attack, and it would be, then it would be TRIVIAL to release a universally accepted hard fork that simply reset the vote on the offending delegates to 0.

How is it trivial?

Quote from: arhag on February 03, 2015, 10:00:39 am

I assumed that people will update their votes to make sure they can get all 100 evil delegates replaced by good ones so that the honest chain can take over.

Now we need something to distinguish bad and good delegates.

By the way, I haven't had time to carefully read the entire 8 pages, but I think it is worth commenting on the exchange between Troglodactyl and Come-from-Beyond. This is how I understand the consensus mechanism of DPOS to work (I would appreciate any corrections in my understanding by the devs).

Let's say 100 delegates are colluding to ignore any transactions that update the votes against their favor. They are also ignoring all blocks by the remaining honest delegate. They have 100/101 = 99% delegate participation. People are creating, signing, and broadcasting transactions that changes the vote for their balance away from the evil delegates and to other honest delegates. There exists enough transactions that if included in the blockchain would cause the delegates of the next round to be 101 honest delegates. However, anytime the single honest active delegates includes these transactions, the other delegates ignore his block.

The single honest delegate can wait until a round in which he is one of the last 4 block producers (this happens approximately 4% of the time every 17 minutes, which means it would take 1.5 days for there to be a greater than 99% probability of this opportunity opening up). If the single honest active delegate builds off the longest current chain created by the other colluding 100 evil delegates and includes as many transactions as possible in his block to get as many honest new delegates to replace the other 100 evil delegates, then this honest delegate could create a fork that reaches the next round with (ideally) a set of 101 honest delegates and with anywhere from 0 to 4 blocks less than the original chain created by the 100 evil delegates (which is why clients will ignore this fork for now). In this next round, all of the (ideally) 101 honest delegates in the competing fork each create a valid block (and include other remaining vote update transactions to get the number of honest delegates in the following rounds to 101 if it isn't already). If there were in fact 101 honest delegates in this round, that means they gain a one block advantage compared to the competing fork created by the colluding 100 evil delegates. After four more rounds like this, they will have a longer chain than the chain created by the 100 evil delegates. Even if the first round of the fork does not have 101 honest delegates (because it was impossible to stuff enough transactions in a single block to replace all 100 evil delegates), realistically, it just means that a few more rounds are needed before they have the longest chain. If they can get this longest chain within 16 rounds (before the chain reorganization limit), all live clients will switch over to that new chain run by the honest set of delegates. Clients that were offline during this transition and trying to resync some time later will then (I think?) choose the longest chain which would at that point be the one run by the 101 new honest delegates and not the one by the 100 old evil delegates whose chain would keep falling further behind.

So, if my assumptions about the details of how DPOS works is true, it means that even if one honest delegate remains, it is possible for the network to recover without hard forks in a reasonable amount of time. Now if all 101 delegates are evil and colluding together, then stakeholders have to resort to the hard fork method which I discussed in my previous post.

Quote from: Chronos on February 02, 2015, 11:03:32 pm

I could be wrong, but I think a widened block timing would negatively affect the on-blockchain BTS/BitAsset exchange by matching orders less often.

If you include 51x more transactions then tx/sec ratio will be the same.

Can't you guys just change the rules slightly and get rid of the issue?

Quote from: Chronos on February 02, 2015, 07:53:39 pm

Come-From-Beyond has been explaining for 6 pages, haha. I'll summarize:

• 51 of 101 delegates decide they never want to be fired (via bribery, for example).
• These delegates ignore all blocks from the other 50 delegates. Their chain is longest, so it is accepted. The 50 are powerless.
• The 51 delegates ignore all transactions that vote them out, but they still produce blocks without these transactions.
• In the end, the accepted longest chain never votes them out. They can sell all BTS and maintain control of the chain.

Do I understand correctly?

Yes.

Quote from: Troglodactyl on February 02, 2015, 06:15:57 pm

In the BitShares network, as long as there are some delegates who continue building on the longest valid chain, and including valid transactions, that group will have an advantage over any group that ignores valid blocks. Even if they start out outnumbered, they can replace delegates by including votes, while hostile groups can only ignore honest delegates.

We assume that majority is bribed. Hence even if honest delegates build one chain and dishonest ones build another, the latter will be longer.