Author Topic: Transactions as Proof-of-Stake & The End of Mining  (Read 37008 times)

0 Members and 1 Guest are viewing this topic.

Offline phoenix

  • Sr. Member
  • ****
  • Posts: 275
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #75 on: December 15, 2013, 02:00:55 am »
I mean Trustees as central points of failure.  Even with 100 trustees, that's only 100 private keys to capture to completely control the network.

True, the more Trustees there are the better. I would hope that the people running for Trustee positions would keep their wallets encrypted.
Protoshares: Pg5EhSZEXHFjdFUzpxJbm91UtA54iUuDvt
Bitmessage: BM-NBrGi2V3BZ8REnJM7FPxUjjkQp7V5D28

Offline arkanaprotego

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #76 on: December 16, 2013, 10:33:18 am »
I just thought of a variant of the BCD system I proposed: use BCD from the Protoshares chain to secure the Bitshares chain, and issue Bitshares through subsidies, based on ownership of PTS  (somewhat like Bitcoin, but using Protoshares as "hashing power"; subsidies don't have to be for finding blocks though, read below). I haven't really thought about all the implications yet, but I realized there was no reason to keep security and wealth so tightly coupled, so I'm putting this idea on the table. All comments are welcome.

Pros:
- Strong incentive to keep Protoshares in the long run: "mining" Bitshares
- There is a public (yet pseudonymous) ledger of "hashing power" (PTS), so this mining does not require centralization and few special transactions: no matter how little you "mine", just parse the Protoshares chain to see how many Bitshares you (or anyone) can claim from "mining", and claim them at the same address on the Bitshares chain using a special transaction from time to time (e.g.: once a day). EDIT: You can also bust freeloaders: do not award subsidies if the claiming address could have published better blocks than those in the chain but did not.
- Increase liquidity of Bitshares, since you don't need to hoard more to earn more.
- Bitshares distribution is not simply the result of the snapshot of Protoshares at one point in time, but at all points in time: the wealth distribution is not set in stone; see the case of Nxt: the whole money supply was issued at launch. 70 people hold all of it and are just sitting on it, preventing any one from entering the market at a similar price.

Cons:
- You have to remember to keep an eye on the distribution of PTS to make sure it is not overly centralized.
- This might lead to an increase in the price of PTS, reducing the last pro, but if it is still easier to buy PTS than ASICs, I'll still consider this a success. Unlike ASICs, PTS do not age. EDIT: Also, no pre-orders.
« Last Edit: December 16, 2013, 10:57:51 am by arkanaprotego »

Offline arkanaprotego

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #77 on: December 16, 2013, 03:00:09 pm »
I recently came up with another system that could work, though I am not fully sold on it.

What if the share holders elected people who would sign blocks?   You vote for the signers with CDD. When they sign they spend the CDD they accumulated from people voting for them.  No one would be allowed to sign more than 1 in 100 blocks. 

This plan has many potential problems, but I thought I would add it to the idea pool.

Wouldn't that generate an awful lot of network spam? At each block, each node would have to know what each other node has voted?


I have an idea based on a lottery system.

It requires the introduction of another type of coin-days that are reset after each block. I'll refer to as BCDs, for Block Coin-Days.

After a node receives a block, it takes the hash of the block and the hash of its Bitshares address, and applies a binary AND on them. The result is a speed of BCD gain per coin.
The node can then compute the number of BCD held by its address as a function of time: BCD = time_since_last_block * (block_hash AND address_hash) * number_of_coins.
It will broadcast a block when the amount of BCD reaches a target set by the protocol, depending on previous blocks. The block must reference the outputs used to generate the BCDs.


The idea is that the node with the highest BCD gain speed ((block_hash AND address_hash) * number_of_coins) will win. As time passes, it is more and more likely that someone will meet the target (like PoW), and the randomness prevents the biggest stake-holders from always publishing the block. They still have more chance of meeting the target though, since the expected value of the BCD gain speed is proportional to the amount of resources owned (also similar to PoW).
Unlike some other lottery systems addresses, this does not reward splitting your funds into multiple addresses.

Difficulty target can be initialized analytically to target a specific block generation time, as the distribution of Protoshares can be calculated at the genesis of Bitshares. However, I think target adjustment would have to be completely empirical afterwards (increase if blocks are generated too fast, decrease if too slow).
To help constrain block generation time, I think a polynomial weighting of time could be used (e.g.: use time_since_last_block^4 instead). If time_since_last_block < 1, it is harder to reach the target. If time_since_last_block > 1, it is easier. Stronger degrees increase this effect.

Latency is not an issue, given that if you receive two blocks, you can easily see which one met the target first. However, this implies using the sum of BCDs to determine the main chain (at least to some extent).

I really like this approach and am attempting to internalize it.

Glad you like it :)

However I just realized I was a little too hasty in assuming the probability to broadcast a block was proportional to the coins you owned.
This is because when you are a small owner, you do not just need to be lucky to publish a block, you also need all the bigger owners to be (much) less lucky than you.
In other terms, it's not BCD that should be proportional to the number of coins owned, it's the probability that your score will be the highest, which is not the same.

A quick fix would be to use "lottery tickets" instead of addresses. Each ticket has a value equal to hash(signature(hash(previous_block)+sequence_number)). If you have 3 coins, you have 3 tickets (sequence numbers 1, 2 and 3. All tickets are equivalent, so this time your odds to win are truly proportional to your number of coins, i.e.: number of tickets.
Then when time_since_last_block^n * AND(ticket, hash(previous_block)) ==  target, you can claim your gains by broadcasting the new block, with your signed message embedded.
If you try to claim ticket 4, it won't work because the other nodes know you don't have 4 coins.
The use of a signature is to deter people from trying to guess other people's tickets and engineering blocks that would be better for them (adding/shuffling transactions). It might not be necessary, depending on how long/how much it takes.

EDIT: another variant, even closer to PoW. Remove time_since_last_block from the target calculation. Instead, everybody draws additional tickets every second: ticket = hash(signature(hash(previous_block)+sequence_number+seconds_since_last_block)). Now it truely is like PoW, and there is some hashing involved, but your contribution is capped by your stake and not by your hardware. If you have 1000 coins, your are capped at 1kH/s. Of course, units are arbitrary.
The benefit is that it makes block generation time less variable.

EDIT2: It seemed to me all these lottery systems are potentially vulnerable to block engineering: if someone had enough hashing power, they might be able to produce favorable blocks with very few coins, by performing minor changes on the list of transactions.
I suppose the system could be made resistant to block engineering by only taking the hash of fields in the block that cannot be altered for lottery purposes, like the signature of the reward claimer and the block height. If you have a ticket good enough to claim the reward, your only degree of freedom is to claim it or not, so your possibilities for block engineering are very limited.
New blocks still have to reference the hash of the previous full block (i.e.: including transactions) though, for obvious security/consensus reasons.
« Last Edit: December 16, 2013, 05:14:01 pm by arkanaprotego »

Offline bytemaster

Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #78 on: December 16, 2013, 05:45:21 pm »
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline phoenix

  • Sr. Member
  • ****
  • Posts: 275
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #79 on: December 16, 2013, 06:38:34 pm »
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS
Protoshares: Pg5EhSZEXHFjdFUzpxJbm91UtA54iUuDvt
Bitmessage: BM-NBrGi2V3BZ8REnJM7FPxUjjkQp7V5D28

Offline bytemaster

Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #80 on: December 16, 2013, 06:57:43 pm »
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS

Keyhotee helps build a darknet of solid UNL based upon all of your friends and family.  Tie in a couple of 'super nodes' from major businesses and exchanges and the network consensus would be very robust.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #81 on: December 16, 2013, 07:10:15 pm »
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS

Keyhotee helps build a darknet of solid UNL based upon all of your friends and family.  Tie in a couple of 'super nodes' from major businesses and exchanges and the network consensus would be very robust.

I think you may be onto something. Is there a way to make sure the nodes are geographically diverse? Probably not because we'd have no way of knowing that but that would be the only way I could think of to improve on it.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline phoenix

  • Sr. Member
  • ****
  • Posts: 275
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #82 on: December 16, 2013, 07:19:48 pm »
The problem with all existing systems (except Ripple) is that blocks are 'centralized' in who defines the block.  When you add markets to a blockchain this becomes a problem.

The Ripple algorithm allows many nodes to reach consensus and provided you have a solid set of Unique Nodes you don't have to trust any one node.

I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

Why should we try to replace something Ripple has already solved?   

So you're proposing a hybrid system, that's a combination of Ripple's consensus algorithm, and transaction POS? I think this could work very well, and I like the idea of combining the fast confirmation time of Ripple with the added security of POS

Keyhotee helps build a darknet of solid UNL based upon all of your friends and family.  Tie in a couple of 'super nodes' from major businesses and exchanges and the network consensus would be very robust.

So the more widespread Keyhotee is, the more secure the network is? Everything seems to hinge on widespread adoption of Keyhotee...
Protoshares: Pg5EhSZEXHFjdFUzpxJbm91UtA54iUuDvt
Bitmessage: BM-NBrGi2V3BZ8REnJM7FPxUjjkQp7V5D28

Offline arkanaprotego

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #83 on: December 16, 2013, 08:01:51 pm »
What I don't like in Ripple is that most people cannot become validators because you need a reputation for that. And it doesn't matter who you trust, what matters is who trusts you: if everybody noticed more than half the nodes of the default UNL were subverted by some entity, no one would be able to help it, because no one would trust each other. Worse yet, the honest validators would validate the dishonest ledgers in the name of consensus.

But on the other hand I am beginning to be convinced that securing economic infrastructures with money only (in the form of ASICs, electricity, shares... you name it) is not so great, because it is quite cheap for a powerful attacker as long as the community is growing.

So distributed trust might be the safest solution for the moment... But definitely not the one I like most.

Offline itnom

  • Full Member
  • ***
  • Posts: 64
    • View Profile
    • Bitsapphire - The web development group that makes disruptive startups happen
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #84 on: December 22, 2013, 03:25:19 pm »
I believe that the Ripple algorithm can be used to build blocks, and transactions as proof-of-stake can be used to slowly ratify those blocks over time.   Your transactions would confirm almost instantly and once enough CDD have passed the state is beyond reproach in the event all of the major UNL are taken down (internet Kill switch) and the network must restart on the other side.

bytemaster, this makes a lot of sense to me, however, the rapid block generation would break the promise of bitshares being human tradeable, wouldn't it? How many transactions could be included in such a block?

From a systems engineering point of view such a web of trust would need additional functions such as a solid reputation system with a 0 tolerance level for double spends.

Additionally, to make things more equal, I could really see some sort of randomized block generation mechanism whereas any node with a sufficient reputation level can create a block during some intervals out of its web of trust. The chain with the most blocks stacked on top of it would become the official ledger. Other nodes with enough reputation could then look into the broadcasted blocks and determine any double spends, not relaying those, and somehow killing the dishonest nodes' reputation.

However, such a system would make upgrading the entire system almost impossible unless at least 51% of all block generating nodes decide to switch *at once*.
Back our bid as a BitShares Delegate! http://bitsapphire.com/Bitshares-Delegate

wallet_approve_delegate bitsapphire true

Offline bytemaster

Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #85 on: December 23, 2013, 06:45:19 pm »
Failure to agree is agreeing to fail, or such is the nature of the marketing behind Ripple.

Given the Unique Node List (UNL) only works when it is cyclic, ie: the nodes trust each other directly or indirectly, this creates a potential for a group of nodes to collude and keep new nodes from joining the inner circle.   No outside party can come along and force their way in.  This provides security while potentially resulting in centralization if the UNL is short.

The defense against this is that it is very easy to launch a clone of the DAC with a more open UNL that follows the social consensus to include all valid transactions in a timely manner. 

Each node in the UNL gets one vote on which transactions to include and once 80% of the nodes are all voting the same way a block is added.  The question becomes who gets to vote?   The most basic version is a single node produces all blocks and everyone has a UNL list that trusts that node.  There is not enough redundancy there, so you spawn 2 nodes that add each other to their UNL (owned by different people).  If these nodes don't add anyone else to their UNL then only their consensus matters. 

Ultimately control will reside in an inner circle which may be 1000 companies sharing a UNL.  These companies are like the Trustees in my Proof of Stake system, except they could form a cartel.    Even with Trustees elected via CDD you can still end up with a cartel because those 'in power' get to control what votes go into the block chain. 

My ultimate conclusion from all of this is that the market is the only thing that is truly decentralized and that competition among DACs each with a different set of gatekeepers is what ultimately protects the little guy. 

Proof-of-Work is costly, less secure, and ultimately results in a self-appointed cartel of individuals willing to destroy the most wealth
Proof-of-Stake is better, but has longer verification times depending upon transaction volume, identifies the best chain, but fails to decide who gets to add blocks. 
Ripple Consensus results in a cartel of merchants and banks.

The only thing that underpins the value of all crypto-equities is the market consensus and network effect.  Bitcoin would rapidly lose value if the self-appointed cartel started to implement tainted coins or otherwise manipulate the blockchain.  The same is true for any DAC.

With BitShares the level of competitive pressure increases dramatically because every chain can have its own BitUSD regardless of the network effect and from a user's perspective it doesn't matter if the value of the BitShares backing it are $1 or $1000 so long as it is not 0.  This means that the dominate BitShares chain must behave or else the market will quickly appoint a new cartel to manage the chain and honor all positions from the previous chain. 

Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

1) Public Ledger that is easily migrated between competing Cartels
2) Each cartel should have many servers, owned by different people, in as many jurisdictions as possible
3) Many Parallel Alt-DACs powered by different Cartels

As a whole the ecosystem would be entirely decentralized and impossible to shutdown.  It would also be entirely transparent. 

With this understanding we have an entirely different approach to security with a focus on making competition as fierce as possible.  This means the following goals:

1) API Standardization
2) Merchant solutions should be designed to accept a new DAC's BitUSD with a click of a button so merchants can simply support "EVERYONE" and thus anyone can rapidly gain the network effect.
3) DACs should be as easy to build and deploy as possible
4) Cross-DAC trading needs to be made easy.

With these things in place, competition will force fairness and openness. 






For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline phoenix

  • Sr. Member
  • ****
  • Posts: 275
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #86 on: December 23, 2013, 07:58:33 pm »
Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

1) Public Ledger that is easily migrated between competing Cartels
2) Each cartel should have many servers, owned by different people, in as many jurisdictions as possible
3) Many Parallel Alt-DACs powered by different Cartels

As a whole the ecosystem would be entirely decentralized and impossible to shutdown.  It would also be entirely transparent. 

With this understanding we have an entirely different approach to security with a focus on making competition as fierce as possible.  This means the following goals:

1) API Standardization
2) Merchant solutions should be designed to accept a new DAC's BitUSD with a click of a button so merchants can simply support "EVERYONE" and thus anyone can rapidly gain the network effect.
3) DACs should be as easy to build and deploy as possible
4) Cross-DAC trading needs to be made easy.

With these things in place, competition will force fairness and openness. 

So by making it easy to compete, you ensure that the Cartels running each DAC either support their community or their version of a DAC will fade into the background. If every one of these DACs honors PTS at a minimum of 10% of the total then PTS holders could end up very wealthy from all the shares they'll get in all these different DACs! :)
Protoshares: Pg5EhSZEXHFjdFUzpxJbm91UtA54iUuDvt
Bitmessage: BM-NBrGi2V3BZ8REnJM7FPxUjjkQp7V5D28

Offline Brekyrself

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #87 on: December 25, 2013, 06:15:14 pm »
Why not a hybrid POW and POS solution?  Use momentum 2.0 for distribution of coins eventually tapering off to a small amount per year just to account for lost or destroyed coins etc...

Merry Christmas

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #88 on: December 25, 2013, 07:44:41 pm »
The only thing that underpins the value of all crypto-equities is the market consensus and network effect.  Bitcoin would rapidly lose value if the self-appointed cartel started to implement tainted coins or otherwise manipulate the blockchain.  The same is true for any DAC.

Today Bitcoin would lose value. In 5 or 10 years the demographic of users will be entirely different and Bitcoin might gain value.

With BitShares the level of competitive pressure increases dramatically because every chain can have its own BitUSD regardless of the network effect and from a user's perspective it doesn't matter if the value of the BitShares backing it are $1 or $1000 so long as it is not 0.  This means that the dominate BitShares chain must behave or else the market will quickly appoint a new cartel to manage the chain and honor all positions from the previous chain. 

Competition is decentralization and everything else is centralized.   Based upon this insight I believe that we should redefine our goals for DACs:

How can we avoid the network effect with the cartels? We need to do everything we can to strategically decrease the power that cartels have. Cartels should have a specific function and it's power should not leak or transfer to anything beyond that specific function. To be simple how do we contain the power of cartels beyond competition which doesn't seem to work very well in the real world for containing the power of banks.
« Last Edit: December 25, 2013, 07:50:24 pm by luckybit »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Troglodactyl

  • Hero Member
  • *****
  • Posts: 960
    • View Profile
Re: Transactions as Proof-of-Stake & The End of Mining
« Reply #89 on: December 28, 2013, 04:41:05 pm »
For determining who could broadcast a block, why not aggregate the transaction source addresses and hash that aggregation, then require that the broadcaster's public key hash be within n units of it in order to broadcast, where n is the number of coin days he is destroying, and the magnitude of the unit increases with time since last block?
« Last Edit: December 28, 2013, 04:42:46 pm by Troglodactyl »