Consensus on the list of delegates

[gamey]

Does game theory account for people that can't be bought?

No, but game theory is constantly misapplied now that the concept has become mainstream and perhaps taught to some degree in numerous undergrad classes.

[gamey]

How does NXT fix this 51% problem ?

Nxt doesn't have delegates. A briber have to pay to almost everyone.

There are those forging pools or whatever NXT calls them.  So we  realize you don't call them Delegates, but what happens if 51%+ of them are malicious and ignore the blocks of the minority?  Can the rest of the network recover?

[donkeypong]

Basically, it's possible for any election on the planet earth to be "bought" in one way or another. So you're saying that elections are always suspect? That BitShares delegates will care more about a potential small bribe than about their longer term financial interest and fiduciary duty to act in the best interests of BitShares? I certainly don't see this as a solid possibility.

Modern election systems are more secure because the branch of the state that supervises election process is not controlled by another branch which is being elected.

With DPoS, I think that we are beyond this.

The Separation of Powers into multiple branches has served an important function, basically to ensure that no one person or group has total control. There is a functional aspect to this also, because each branch is handling different work (e.g. legislative branch as lawmaker, executive as day-to-day operator and enforcer, and judiciary as arbiter of disputes). And in a modern parliamentary system, many of these functions are fused together anyway. But in a trustless DAC community, a lot of these typical functions are moot.

BitShares delegates are elected independently. There is no traditional election cycle, so they can be voted out at any point if they abuse the community's trust. Each of them handles differing functions, depending on their utility, in addition to their core function of verifying blocks. So one could say that it's a single-branched system, but really it is a decentralized (101-branched) structure where no one delegate must answer to any other. The notion of a conspiracy of bribery between a majority of delegates is as far-fetched as a conspiracy between multiple branches of a traditional government. One could just as easily buy of a majority of a nation's legislature and of its highest court in order for them to agree with the executive 100% of the time.

[Come-from-Beyond]

Does game theory account for people that can't be bought?

Dunno, I'm not an expert. But a cryptocurrency can't rely on trust.

[Empirical1.2]

If Bitcoin had a 101 delegate system how much would you have to bribe an Andreas Antonopolous or an Amir Taaki delegate to sabotage Bitcoin?

What about someone like Max Keiser who might choose to be a delegate for personal reasons despite having a net worth of $X million +?

If you were elected a delegate in NXT, would it be easy to bribe you?

Does game theory account for people that can't be bought?

[Come-from-Beyond]

Thank you Come-from-Beyond, for helping us harden our security model, and harden our theories backing up our current system.

It's more about whitepaper now.

I see that the whitepaper lacks the following:
1. Protocol that allows to detect hostile delegates (with some quantitative analysis on probabilities of detection).
2. Protocol how hard-fork is handled.

This is a serious obstacle to world domination because the outer world doesn't know what to do in extraordinary cases. It will not figure out the details by itself and will simply pick another cryptocurrency.

[Troglodactyl]

Thank you Come-from-Beyond, for helping us harden our security model, and harden our theories backing up our current system.

[fluxer555]

Thank you Come-from-Beyond, for helping us harden our security model, and harden our theories backing up our current system.

[Come-from-Beyond]

That would be true if there was only one delegate.

The proof of this statement is not presented in DPoS whitepaper, hence it's better (for security) to assume the opposite.

[Troglodactyl]

This whole thread has been focused on the implausible scenario in which most delegates are compromised. Exploring handling for such extreme cases is healthy, but it's important to keep the probability context in mind.

Actually the thread was derailed with bribery example. The point was supposed to be - if delegates control the only medium of exchange then this channel cannot be used for sending information that affect the delegates.

That would be true if there was only one delegate.

EDIT: Also nice to confirm that your original purpose here was to attack the system, not to understand it as you said in your OP. :-P

[Come-from-Beyond]

This whole thread has been focused on the implausible scenario in which most delegates are compromised. Exploring handling for such extreme cases is healthy, but it's important to keep the probability context in mind.

Actually the thread was derailed with bribery example. The point was supposed to be - if delegates control the only medium of exchange then this channel cannot be used for sending information that affect the delegates.

[Troglodactyl]

Lastly if it is clear there is an attack, and it would be, then it would be TRIVIAL to release a universally accepted hard fork that simply reset the vote on the offending delegates to 0.

How is it trivial?

In context of such an incredibly unlikely situation in which all of the delegates have been hijacked and are persistently rejecting being voted out, such a fork would be an easy and verifiable code change.  In such a situation, I doubt the users would resist accepting the fork as an easy way to end the network disruption.

This whole thread has been focused on the implausible scenario in which most delegates are compromised. Exploring handling for such extreme cases is healthy, but it's important to keep the probability context in mind.

[Empirical1.2]

People who accept bribes think there's a high likelihood they won't get caught.

The delegates don't know who they're screwing over in an attack but the shareholders would  know who the majority of them are.

Finding a large group of people willing to take this risk is almost completely implausible especially high trust individuals who are elected based on established reputations.

If majority accepted the bribe then you will earn nothing because your blocks will be ignored. Game theory tells that you will follow the majority as long as risk of being caught and voted-out is below some threshold. You don't know what threshold the others chose so you start observing if Bob included voting-out transactions. With non-zero probability Bob can be a honest delegate but he picks all non-voting-out transactions (pure random). What will you do? More likely you will think that Bob is rogue. There is a bias towards scenario when delegates decide to abuse the power. Sybil attack makes it less risky to go the bad route.

I deleted the post as I don't actually know how it works in practice in terms of detection but if it is possible to discern who was involved in the attack, my point was not only do they risk being voted out but there's an additional personal safety/health risk associated with deliberately messing with other people's money if you are publicly known.

High trust, high reputation individuals are unlikely to be bribeable en masse. It would have to be massive to offset loss of future earnings potential and destruction of personal reputation + you have the additional risk of retribution if you can be detected.

[Come-from-Beyond]

Lastly if it is clear there is an attack, and it would be, then it would be TRIVIAL to release a universally accepted hard fork that simply reset the vote on the offending delegates to 0.

How is it trivial?

[Come-from-Beyond]

People who accept bribes think there's a high likelihood they won't get caught.

The delegates don't know who they're screwing over in an attack but the shareholders would  know who the majority of them are.

Finding a large group of people willing to take this risk is almost completely implausible especially high trust individuals who are elected based on established reputations.

If majority accepted the bribe then you will earn nothing because your blocks will be ignored. Game theory tells that you will follow the majority as long as risk of being caught and voted-out is below some threshold. You don't know what threshold the others chose so you start observing if Bob included voting-out transactions. With non-zero probability Bob can be a honest delegate but he picks all non-voting-out transactions (pure random). What will you do? More likely you will think that Bob is rogue. There is a bias towards scenario when delegates decide to abuse the power. Sybil attack makes it less risky to go the bad route.