Transactions as Proof-of-Stake & The End of Mining

[alkan]

I am really looking for attacks on my pos system


Sent from my iPhone using Tapatalk

can we develop a system to avoid the 51% attack totally , I have some thinking , in democratic society, one person have  larger  power and he only have one vote,  a node have larger power of hash ,it is only mean  he have the larger capacity for mining,  not the larger power of main chain,
we can think as following
1. one node cannot find two continuous bolck
2. the difficulty of every node is different,  for example if the node not find the bolck in 10min , the difficulty is same as the normal  difficulty, but if the node can one bolck in 10 min the difficulty become the 2*normal difficulty ,  if find 3 bolck in 10min ,the difficulty become the 4*normal difficulty , and so on ,   if we need to 6 bolck confirm , though a man have 51% power of hash , he also cannot carry out 51% attack.

There is no way to identify nodes, all we have is 'information'.   Difficulty is irrelevant because proof-of-stake determines longest block and nodes cannot cheat this.   Just like any company where a shareholder who owns 51% of the stock can do anything they want (more or less), the same applies to DACs.   There is no way around the 51% ownership attack in a world subject to sybil attacks.

It seems that individual difficulty can indeed be used to avoid sybil attacks, as I decribe in my post https://bitcointalk.org/index.php?topic=1702796.0. While you cannot prevent an 51% ownership attack under any circumstances, you can make it economically unattrative so that no rational attacker would attempt it.

[clout]

Why can't coin days be capped by less than 365 days?

365 Days is the inactivity period. 

If that period is reduced is the network more secure?

Or can capping cdd by any one node make the network secure?

Also if you use unl does that mean that block production and confirmation from cdd would be more immediate?

Lastly in the unl systems do u essentially vote with your cdd for which un you want to produce the next block and whichever un is the most trusted gets the most cdd's or is it that once un are selected into the list they are chosen in a lottery fashion to produce next block?

I'm trying to understand the consensus technology better. Sry if these are silly/trivial questions.

[bytemaster]

Why can't coin days be capped by less than 365 days?

365 Days is the inactivity period. 

[clout]

Why can't coin days be capped by less than 365 days?

[bytemaster]

How many nodes are currently participating in the UNL consensus aspect of the Ripple network?   Has anyone produced a network topology of a directed graph of UNL lists?

We're hoping to have a transition to a large number of distributed validators well underway around June. Currently, Ripple Labs runs five validators and pretty much everyone just uses those five.

I see, this is much how I was planning on using consensus to launch BitShares X.  Start with a few nodes and then grow to be more distributed.    Good to know that a fully distributed Ripple system is still in development.   

From my perspective I just need a way to agree on a transaction set... this consensus could be entirely generic based upon blobs of data.   

I am sure in the future the best of these techniques will find a home in BTS/AGS/BitShares X systems.

[JoelKatz]

So effectively a single node can hold out and say... sorry I am not including any transactions until everyone agrees with me not to include any transactions?  The entire network would then halt....  I am assuming this is NOT the case which means there exist cases where consensus is reached by many but not all and the guy who is out voted must accept it or move on....   

Right, but that's fine. The consensus process can fail and no harm is done except there's no consensus. It causes a tiny spike in transaction validation time. Who cares. (Think of a result of a consensus round being like a mined block. They can be orphaned or abandoned. Either they survive or they don't.)

If the UNL nodes are public, the government could pass a law requiring filtering and then what?

The same thing could happen with any scheme. Transactions are public. Say the goverrnment passes a law prohibiting people from accepting Bitcoin transactions on any chain that included specific transactions. Business would know who sent them Bitcoins and could tell if those Bitcoins passed through the prohibited transactions.

How many nodes are currently participating in the UNL consensus aspect of the Ripple network?   Has anyone produced a network topology of a directed graph of UNL lists?

We're hoping to have a transition to a large number of distributed validators well underway around June. Currently, Ripple Labs runs five validators and pretty much everyone just uses those five.

[bytemaster]

So effectively a single node can hold out and say... sorry I am not including any transactions until everyone agrees with me not to include any transactions?  The entire network would then halt....  I am assuming this is NOT the case which means there exist cases where consensus is reached by many but not all and the guy who is out voted must accept it or move on....   

Sure, eventually this node will be identified and pulled from the UNL of its peers, but for a while it could get away with excluding the node.

If the UNL nodes are public, the government could pass a law requiring filtering and then what?   

I believe the people at Ripple are smart and have a solution that works.  It was my faith in Ripple's mere existence that convinced me it was possible.   So I really, really want to understand at a deep level how Ripple works and their algorithm can be used.   

In fact, I will probably create a bounty for a version of BitShares X that implements the Consensus algorithm while I focus on getting our MVP done.   It just has too much potential if UNL lists can be properly organized. 

How many nodes are currently participating in the UNL consensus aspect of the Ripple network?   Has anyone produced a network topology of a directed graph of UNL lists? 

[JoelKatz]

It is like having two groups of friends, half want to go to Olive Garden and half want to go to Burger King... but not everyone cares what everyone else things because they all have a local perspective.   So from the perspective of the BK crew they have a super majority and from the perspective of the OG crew they have a super majority... anyone who tries to be friends with both crews is screwed they pick one side to go with... so one guy sides with OG and another sides with BK.

There aren't two positions on an equal footing. Everyone understands that a transaction can only be included if it has a supermajority of support and they are perfectly happy to exclude a transaction for one round rather than risk a fork. If there's a standing agreement to go to Burger King if there's no agreement otherwise, the problem is much simpler.

Also, nothing terrible happens if they go to different restaurants. They just fail to produce a consensus ledger and can try again.

So everyone wants to reach consensus and they do reach consensus within their domain...  some nodes who are in two domains will recognize a split as a minority of their UNL list goes some other direction.

Those nodes will just convince the side that included the transaction to exclude it, because nobody wants a fork. You have to imagine a crazy topology for that not to work.

Our plan for Ripple is to have organizations that publish lists of validators whose performance they monitor. They will include the jurisidiction and organization type of the validator. By default, the software will pull validator lists from several such organizations and pick a random sample, weighted by the number of organizations that include that validator. You will be able to add filters like "no validators in the US" or "no validators operated by governments" if you wish, as organizations will include that information in the lists they publish. You will, of course, be able to add or blacklist validators, change the list of publishers, and so on.

[bytemaster]

2) If one of the two nodes adds a second person to his UNL list then there is a 50% chance of a fork because not everyone agrees.

You're assuming the nodes aren't trying to reach a consensus when in fact that is their top priority. If one node refuses to change its position because doing so will cause a fork, then the other node will change its position. Avoiding a fork is every node's priority, second only to correctness. Why would a node fork when changing its position would avoid one?

If two people are trying to decide where to go for dinner and one says "it must be Olive Garden" and the other says "Olive Garden is okay, but I prefer Burger King", they'll agree to go to Olive Garden.

It is like having two groups of friends, half want to go to Olive Garden and half want to go to Burger King... but not everyone cares what everyone else things because they all have a local perspective.   So from the perspective of the BK crew they have a super majority and from the perspective of the OG crew they have a super majority... anyone who tries to be friends with both crews is screwed they pick one side to go with... so one guy sides with OG and another sides with BK.

The only way to avoid this problem is if the network is properly balanced with enough interconnectedness.  At this point you can make some assumptions and see n log n scalability.   

So everyone wants to reach consensus and they do reach consensus within their domain...  some nodes who are in two domains will recognize a split as a minority of their UNL list goes some other direction. 

Every response I have seen in the Ripple discussions says this is just a misconfigured UNL.

Ok, now that we have established this the question becomes how do nodes add each other to their UNL in a way that insures properly connected network?    It seems to me that everyone will want to include the big players in their UNL and thus become yes-men, after all the big players have no incentive to care much about every new node that joins the network....

I am not ruling out consensus algorithm just yet, I just think it will require more work to understand and verify than TaPOS.   If we can get an implementation that uses consensus + POS then I will be very happy. 

[JoelKatz]

2) If one of the two nodes adds a second person to his UNL list then there is a 50% chance of a fork because not everyone agrees.

You're assuming the nodes aren't trying to reach a consensus when in fact that is their top priority. If one node refuses to change its position because doing so will cause a fork, then the other node will change its position. Avoiding a fork is every node's priority, second only to correctness. Why would a node fork when changing its position would avoid one?

If two people are trying to decide where to go for dinner and one says "it must be Olive Garden" and the other says "Olive Garden is okay, but I prefer Burger King", they'll agree to go to Olive Garden.

Consensus is robust because if there's absolutely no reason at all to exclude a transaction, then every honest node will want to include it. If there's any reason at all to exclude a transaction, then every honest node is perfectly happy to exclude it, so long as it gets introduced into the next round, which every honest node will agree to.

[JoelKatz]

I have been working on the consensus algorithm and while it is fast it has the following problems:
1) There is no way to compensate people for running full nodes.

Right, but there is no need to compensate them. Bitcoin doesn't compensate people for running full nodes, only for mining, which consensus doesn't have.

2) The cost of running full nodes grows with N^2 the number of nodes participating in the consensus process

I'm not sure how you figure that. The cost of the consensus process itself scales as N log N and is divided over the nodes. The work each node has to do scales with the log of the number of nodes participating. Perhaps you're thinking that every node must directly consider what every other node is doing. That's not so. You only need a sample, and that scales with the diameter, which is the log of the number of nodes.

3) There is no way to reward nodes that participate in consensus to cover the cost of bandwidth growing

There is no evidence that there's any need to do this. Bitcoin doesn't reward transaction relaying either.

4) If you rely on charity, the regulatory risks may result in nodes not proliferating

It's not charity. People run nodes because they want high-quality access to the network. If the network doesn't provide services worth its bandwidth, it should die. This is the same reason people run Bitcoin nodes.

If you don't believe me or are still worried, then the community can just decide that, say, 1,000 validators is enough to provide reliability and decentralization. Adding more would provide no benefits, so just don't. There's no need for 100% agreement on this, people can just refuse to relay validations they don't think add sufficient value.

Also, you can't have it both ways. Your argument is basically, "nobody will run a validator because the bandwidth caused by all the reliable validators that we can't afford to drop will be too high" that's like "nobody wants to go to that restaurant because it's too crowded".

[bytemaster]

4) Unlike Proof-of-Work where once you own the mining you own every coin that uses that POW... with POS you can never own all the coins that can be created.

On Bitcointalk sometimes instead of ads there are informative messages about Bitcoin. One says Even in the event that an attacker gains more than 50% of the network's computational power, only transactions sent by the attacker could be reversed or double-spent. The network would not be destroyed. Another one: Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks. I have also heard Andreas Antonoupolos said the 51% attacker would only be able to destroy the next 10 minutes of transaction before being kick out the network

So you are saying all of this is not true?

I am saying that a 51% attacker could perform a denial of service attack and prevent transactions from being included at all.  That is within the rules of the network. 

[BldSwtTrs]

4) Unlike Proof-of-Work where once you own the mining you own every coin that uses that POW... with POS you can never own all the coins that can be created.

On Bitcointalk sometimes instead of ads there are informative messages about Bitcoin. One says Even in the event that an attacker gains more than 50% of the network's computational power, only transactions sent by the attacker could be reversed or double-spent. The network would not be destroyed. Another one: Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks. I have also heard Andreas Antonoupolos said the 51% attacker would only be able to destroy the next 10 minutes of transaction before being kick out the network

So you are saying all of this is not true?

[bytemaster]

My counter to the supposed attack is for a credible organization (like the *Coin Foundation) to announce that a hard fork would be created removing all balances held by the government in the event they attempt such an attack.  The market consensus would support the foundation backing the coin and the market participants would see that if the government calls the bluff the price will rise as and when the government is successful everyone would fork and get a 50% dividend.   

[bytemaster]

Paper on vulnerability of vanilla POS: http://www.reddit.com/r/BitcoinSerious/comments/1xpzb8/pos_is_more_vulnerable_to_51_attacks_than_pow/

I haven't looked thoroughly, but I don't think this affects TaPOS.

This paper is a bunch of mathematical mumbo-jumbo entirely detached from real economics.   If the US government announced that it wanted to buy 50% of the coins then the price would go through through the roof as every rational actor in the system would know several things:   

1) there is a buyer attempting to own the network... and that if they hold out they can get a higher price.   
2) the assumption that the coin becomes worthless once 50% ownership is held by a single player is also flawed.  For one thing, the government couldn't announce such a program "and mean it" without justifying to the public a reason to actually buy these coins vs simply outlawing them.   
3) the demand for a viable coin will simply cause a new alternative to pop up and the government is back to square one.
4) Unlike Proof-of-Work where once you own the mining you own every coin that uses that POW... with POS you can never own all the coins that can be created.

My conclusion is that this paper doesn't even apply to existing POS coins and certainly doesn't apply to TaPOS.