Author Topic: Transactions as Proof-of-Stake & The End of Mining  (Read 87431 times)

0 Members and 1 Guest are viewing this topic.

Offline bytemaster

This is very similar to the original TaPOS paper, the primary difference is difficulty adjustment and mining reward. 

Transactions must reference one of the 2 most recent blocks for their CDD to count toward reducing the mining difficulty.

Transactions from a forked chain can be migrated like any new transaction, their CDD does not count when migrated.

Target block time is 5 minutes.

In my implementation I have removed the square after further review.

Momentum is the hashing algorithm.

What prevents someone from picking a block far in the past, adding their own transaction with large CDD to its transaction set, then mining and broadcasting a new block with the resulting higher BCDD, causing a huge reorg of all children blocks?

Because there would be no CDD built on top of that modified block.   

There is also the fact that chain will never perform a reorganization beyond a couple of blocks.  I believe bitcoin almost never has a reorg beyond one or two blocks.  Nodes assume the network has remained connected and thus any major reorganization is an indication of an attack.   Unlike bitcoin I allow the head block to be replaced when two blocks are found at once so the network doesn't split based upon latency in this case.  All nodes build off of the best current block.

Bottom line:  unless there is a problem with network infrastructure it is unlikely any new 'fork' is legitimate and it should be rejected by default.  In other words, it will not be propagated or relayed through the network except by manual intervention.  If there is a problem with network infrastructure then all trading must stop immediately on the minority chain because market transactions cannot be migrated between chains. 

In this case it works like ripple consensus, all nodes assume the public information they already have is legitimate and reject anything that would suggest otherwise.   

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline vikram

This is very similar to the original TaPOS paper, the primary difference is difficulty adjustment and mining reward. 

Transactions must reference one of the 2 most recent blocks for their CDD to count toward reducing the mining difficulty.

Transactions from a forked chain can be migrated like any new transaction, their CDD does not count when migrated.

Target block time is 5 minutes.

In my implementation I have removed the square after further review.

Momentum is the hashing algorithm.

What prevents someone from picking a block far in the past, adding their own transaction with large CDD to its transaction set, then mining and broadcasting a new block with the resulting higher BCDD, causing a huge reorg of all children blocks?

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
Quote
5) So making a transaction with large CDD can be used to immeditately confirm block before target block time?

You missed this one

Quote
The only thing a 'miner' can do to harm the network is Denial of Service (blocking transactions), but a miner attempting to do this would be at a disadvantage against all of the miners which are including transactions. 

I think that if miners still have the ability to choose transaction order then pools will form that pay out higher rewards from selling transaction order advantage to traders
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline bytemaster

This is very similar to the original TaPOS paper, the primary difference is difficulty adjustment and mining reward. 

Transactions must reference one of the 2 most recent blocks for their CDD to count toward reducing the mining difficulty.

Transactions from a forked chain can be migrated like any new transaction, their CDD does not count when migrated.

Target block time is 5 minutes.

In my implementation I have removed the square after further review.

Momentum is the hashing algorithm.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline vikram

I have been working on the consensus algorithm and while it is fast it has the following problems:
1) There is no way to compensate people for running full nodes. 
2) The cost of running full nodes grows with N^2 the number of nodes participating in the consensus process
3) There is no way to reward nodes that participate in consensus to cover the cost of bandwidth growing
4) If you rely on charity, the regulatory risks may result in nodes not proliferating
5) If you do reward nodes participating in the consensus process your costs either grow N^2 or nodes on the UNL have financial incentive NOT to add new nodes to the inner circle.
6) If you rely on indirect benefits then the incentives might not be properly aligned.

My conclusion is that the primary benefit for using the consensus algorithm is automatic failover in the event some nodes go down.  I also believed it was more decentralized that BTC but perhaps less so than NXT.

To this end it seems I must strive to achieve the goal of decentralization and thus have a new proposal for implementing TPOS. 

1) The "mining" reward will be kept to 1% of transaction fees.  We do not want significant resources thrown at this because the only purpose of mining now is to decide on the next block, NOT to secure the network.  The cost of mining should thus be very small and amount to an election.

2) Let N be the number of blocks per year
    Let M be the money supply at the start of the year
    Let m be the money transacted and n be the number of days since it was last moved.
    Let CDD be m*n
    Let ACDD be the Average CDD per block which can be calculated as N*M/N or M
    Let T be the base mining difficulty target (adjusted via moving average)
    Let BCDD be the CDD actually destroyed by the block.

    IF( BCDD > ACDD ) BCDD = ACDD.

    Given the above we can define the target difficulty for solving a block as:
   
    1 + T*(1- BCDD/ACDD)^2

3) The only transactions that count toward CDD are those that reference a prior block in the chain, thus miners will be unable to build secret chains using CDD of transactions produced by regular users.
4) If two blocks are found that extend the same chain, the one with the most CDD wins.
5) If two blocks with the same CDD are found then the one with the higher hash wins.

Results:  everyone can mine and attempt to produce a block at some 'base level' that is not perceptible to the user.  Someone with a large amount of the share supply would have limited advantage because everyone gets to mine POS using everyone else's transactions and everyone is mining at a base level, say 1% of CPU. 

The only thing a 'miner' can do to harm the network is Denial of Service (blocking transactions), but a miner attempting to do this would be at a disadvantage against all of the miners which are including transactions. 

So what can someone with unlimited hashing power do...  they can still perform a DOS on the network provided they have  100,000 * the number of computers on the network in hash power.  Unfortunately for them, the cost would far exceed the fees earned. 

Something to think about.

How is that for decentralized?

  • Overall, this seems to precisely be an implementation of the original TaPOS paper. Are there any fundamental differences?
  • Do transactions reference a "parent" block, or just any "recent" block (and what does "recent" mean)?
  • How exactly are transactions from a forked chain migrated to the true chain?
  • What is target block time?
  • So making a transaction with large CDD can be used to immeditately confirm block before target block time?
  • Why the square in the block target difficulty calculation?
  • What hashing algorithm?

Offline valtr

  • Full Member
  • ***
  • Posts: 141
    • View Profile
At this moment I am mining Protoshares 24 hours daily + I am runing the Protoshares wallet with >100 nodes connected. I hope running the wallet is helpfull for the community.
As far as I understand running Bitshares client will be the same + some litle income to help cover the cost of running computer.
« Last Edit: February 01, 2014, 09:52:26 am by meda »

Offline bytemaster

I have been working on the consensus algorithm and while it is fast it has the following problems:
1) There is no way to compensate people for running full nodes. 
2) The cost of running full nodes grows with N^2 the number of nodes participating in the consensus process
3) There is no way to reward nodes that participate in consensus to cover the cost of bandwidth growing
4) If you rely on charity, the regulatory risks may result in nodes not proliferating
5) If you do reward nodes participating in the consensus process your costs either grow N^2 or nodes on the UNL have financial incentive NOT to add new nodes to the inner circle.
6) If you rely on indirect benefits then the incentives might not be properly aligned.

My conclusion is that the primary benefit for using the consensus algorithm is automatic failover in the event some nodes go down.  I also believed it was more decentralized that BTC but perhaps less so than NXT.

To this end it seems I must strive to achieve the goal of decentralization and thus have a new proposal for implementing TPOS. 

1) The "mining" reward will be kept to 1% of transaction fees.  We do not want significant resources thrown at this because the only purpose of mining now is to decide on the next block, NOT to secure the network.  The cost of mining should thus be very small and amount to an election.

2) Let N be the number of blocks per year
    Let M be the money supply at the start of the year
    Let m be the money transacted and n be the number of days since it was last moved.
    Let CDD be m*n
    Let ACDD be the Average CDD per block which can be calculated as N*M/N or M
    Let T be the base mining difficulty target (adjusted via moving average)
    Let BCDD be the CDD actually destroyed by the block.

    IF( BCDD > ACDD ) BCDD = ACDD.

    Given the above we can define the target difficulty for solving a block as:
   
    1 + T*(1- BCDD/ACDD)^2

3) The only transactions that count toward CDD are those that reference a prior block in the chain, thus miners will be unable to build secret chains using CDD of transactions produced by regular users.
4) If two blocks are found that extend the same chain, the one with the most CDD wins.
5) If two blocks with the same CDD are found then the one with the higher hash wins.

Results:  everyone can mine and attempt to produce a block at some 'base level' that is not perceptible to the user.  Someone with a large amount of the share supply would have limited advantage because everyone gets to mine POS using everyone else's transactions and everyone is mining at a base level, say 1% of CPU. 

The only thing a 'miner' can do to harm the network is Denial of Service (blocking transactions), but a miner attempting to do this would be at a disadvantage against all of the miners which are including transactions. 

So what can someone with unlimited hashing power do...  they can still perform a DOS on the network provided they have  100,000 * the number of computers on the network in hash power.  Unfortunately for them, the cost would far exceed the fees earned. 

Something to think about.

How is that for decentralized?
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline cob

  • Board Moderator
  • Sr. Member
  • *****
  • Posts: 376
    • View Profile
  • BitShares: cobb
Can anyone explain exactly how III is combining ripple's consensus mechanism with Proof of stake?
I've watched the ripple video. I'm not sure where proof of stake would fit in all this.
Anyone have mad explaining skills? Or maybe a nice explainer article and video?

thanks
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Ben Mason

  • Hero Member
  • *****
  • Posts: 1070
  • Integrity & Innovation, powered by Bitshares
    • View Profile
  • BitShares: benjojo
please correct me if i'm wrong, but does it really matter who profits or by how much from the initial building of decentralized infrastructure.  All that really matters is that it is built and given the opportunity to thrive and out-compete structures based on hierarchies.  The real benefits are in the long term where the allocation of capital and resource will become more democratic and wealth will become more evenly distributed.  The knock on benefits have the power to tranform humanity and move us closer to becoming civilized.

Offline earthbound

  • Full Member
  • ***
  • Posts: 120
    • View Profile
    • earthbound.io
What's a good topic, web site or reference for me to research to get the background that would render me able to comprehend this paper on any level? For example, if I come to understand Peercoin's proof-of-stake implementation (how it works, what its purpose is, etc.), would that give me a background? (And maybe I could review the mechanics of Bitcoin before I even tried taking on Peercoin?)

Because wow-ee, I am utterly lost.

???
I think I'm not alone when I say I'd like to see more and more planets fall under the ruthless dominion of our solar system. -Jack Handey

Offline bytemaster


The Cons of Proof-of-Stake?
1) How to distribute coins?  Many options here.


What if coins are distributed from a faucet in such a way that it is as evenly distributed around the world as possible?

e.g. - use the requestor's IP address and employ daily limits per subnet, etc.

I understand the issue is that the faucet itself is centralized, but if kept honest it would provide decentralized distribution of coins.

If there is a way to incorporate that logic in the P2P nodes themselves, even better.

I'd love to see a coin in which adoption is not motivated purely by greed and pre-mine.

Premining is only a problem when a currency is based upon a speculative bubble and pump and dump.  If a *share* is allocated to the developers of technology that provides a *service* and thus produces non-speculative value then the creators are the initial owners and may sell or distribute in any way that they believe will maximize their profits. 

 Isn't it greed and envy that motivate the masses that want something for nothing?   No one ever accused AAPL of premining their stock.   

We should stop expecting people to be selfless and instead focus on producing the most value for our fellow man and thus earning the highest profits.   If you don't like their distribution market competition can kick in to keep everyone honest.



For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Schwede65

  • Full Member
  • ***
  • Posts: 65
    • View Profile
Suggestions for the transaction-chain of bitshares

1. one ordering-node (with extra two parallel running backup-server - one of them goes online when the master is down) to define only the sequence of the transactions
this ordering-node gets this - at first at one node-confirmed transactions - to post the transaction-sequence to the 20 nodes

if in the first step a transaction has to be set corrupt (wrong addresses or other mistakes) it has to be sent back to the client by the node without sending it to the ordering node

2. 20 nodes get this sequence and confirm the transaction(s) with their full transaction-chain - a transaction is confirmed and done by minimum of 10 or 15 different nodes-approvals

3. the full transaction-chain must be on all 20 nodes for the confirmations

4. the thin client can choose which data he wants to have
a) minimum (default): the confirmed transactions of this client (very thin for mobiles and smartphones)
b) medium: decentralized distribution of the transaction-chain - done by the nodes - they divide the whole transaction-chain into 25, 50, 100 or more pieces and send them to the clients - one piece of the whole chain has to be sent to minimum 50 clients
c) full: the whole transaction-chain downloadable by the nodes - with the full download of the chain he is part of the complete transaction-chain-distribution on the network - may be the thin client is now a full client and could be a part of the transaction-confirmation-job of the 20 nodes - so we might have for a correct transaction-confirmation 10 % of the (now) full clients

the numbers of the 20 nodes are scalable - may be starting with 10 nodes

so the bitshares-system has to run 23 (13) server - with the donations now it is no financial problem

or is this system too centralized?
« Last Edit: January 22, 2014, 03:55:09 pm by Schwede65 »

Offline nametooshort

  • Jr. Member
  • **
  • Posts: 46
    • View Profile
Did Bitshares lack of checkpointing?
Bitshares should grant nodes which meets a condition to sign checkpoints, like Solidcoin, but not necessary for network.
Even if writing Protoshare address in signature is not something good,
PvDZqsSyAsCDYNyYCfwZmy19EVohxnbnKB

Offline bytemaster

There is never an opportunity for a 'chain fork' because of the ripple style consensus algorithm used to extend the chain.  Those who create transactions are merely signing the global consensus ledger and making it impossible for the core consensus nodes to create an alternative chain.

Ripple operates just fine without TaPOS so the only thing TaPOS is doing is making the ledger signing more distributed and harder to forge than in ripple alone. 

So the proper comparison is Consensus + TaPOS.

Failure to agree is agreeing to fail as Ripple states it.

I would like to make a point about decentralization:  Separation of Powers is decentralized even if there is only one party trusted with a given task at any given moment.   

Suppose for a second you had the following situation: a single server that signs every block and distributes it to everyone.  Yikes "that is centralized!" most people would complain, but lets examine the 'power' this server has?

1) It is well known and thus cannot get away with a double spend.
2) It cannot change the history of the block chain, everyone else has cemented the server's prior signatures in stone via TaPOS
3) It cannot produce alternate chains for different users because all users are comparing notes as to the current head block.
4) It cannot change the validation rules arbitrarily because every block produced must be validated by all nodes or all transactions stop until someone else can be appointed the block creation role.

So it seems that the only power this ONE node has is to select which transactions to include.   This is no different than one or 2 nodes in the bitcoin network or any network based upon proof of work.   

The last step toward decentralization is robust automatic failover in the event this one node is shutdown or attempts (but fails) to comment fraud.   Systems like Ethereum automatically shift who has this role every single block based upon a mining lottery.  Even their POS system is based upon a mining lottery where the ease of mining is adjusted by your balance.  Here you still centralize the process of selecting transactions ONE BLOCK at a time, you just have very short term limits.  Dictator for a block if you will.

Consensus is simply an algorithm to decentralize the process of selecting which transactions go into every block and to provide robust automatic failover in the event a single node goes down.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline vikram

Comments from Vitalik Buterin on Transactions as PoS: http://www.reddit.com/r/ethereum/comments/1vh94e/dagger_updates/cesv1d8?context=3

Quote
Transactions-as-POS is good against secret attack chains, but falls apart against public attacks for the exact same reason as PPCoin-style POS - recipients of transactions want to see a version of the transaction for each version of the blockchain so that they can be sure they won't be double-spent during a reorg, and so people making transactions have an incentive to make a version of the transaction for each version of the blockchain (ie. double mining) to satisfy the recipients. Transactions-as-POS plus Slasher-style punishment solves the problem, but then introduces too many opportunities to send people money and then destroy that money and get a portion back immediately after the fact.

Thoughts?