Best Selling Option

[bytemaster]

The amount of basic double-spend protection is equal to the net present value of all future witness pay after you are caught.
Assuming 50,000 BTS per month ($300 at todays prices) then the net present value of the witness position over 10 years (assuming 5% APR) is $28,284.41.   

So who in their right mind would do business with an anonymous party when there are anonymous witnesses for an amount over $1000 and be unwilling to wait 10 seconds?

Hence... it will not happen.

[bytemaster]

Compromising one witness does not give you unlimited ability to perform a double spend attack.   To perform the "double-spend" they would have to broadcast the transaction 1 block before their turn, then skip the block that included their first transaction and produce a block that contained an alternative transaction... *AND* have cooperation of the next witness which would have to be in on it because that next witness would have seen the original block/transaction first and would therefore ignore the bad witnesses' block.

Nope... Here is why, and this is a good example of why Nothing At Stake still applies to DPOS.

* Assume I am an evil block producer
* I have identified the merchant I wish to attack by probing, or latency analysis or any other means whereby I know I can reach them more quickly than a general network broadcast
* I produce two blocks at the same height, one fake block which I send directly to the merchant and another which I intend to broadcast
* He accepts my fake block, and I subsequently broadcast the real block to the network, performing the double spend

The reason this works is because block production has 0 cost. In POW this is very much harder because producing a block has a very high cost. This is the essence of the nothing at stake attack.

Four things you assume:

1. A merchant that accepts a block as final when there are 2 competing blocks
2. The witness is not publicly known and subject to legal action (they would be caught)
3. That if a witness was intentionally producing double blocks that the network participants wouldn't immediately require at least 2 blocks of confirmation.
4.  That merchants would irreversibly ship an item with one block of confirmation.

Like I said, any merchant is free to determine the risks involved and set their policy accordingly.  If the risk of an evil witness exists then a merchant will simply wait a few seconds and the risk will quickly approach 0.

[monsterer]

Compromising one witness does not give you unlimited ability to perform a double spend attack.   To perform the "double-spend" they would have to broadcast the transaction 1 block before their turn, then skip the block that included their first transaction and produce a block that contained an alternative transaction... *AND* have cooperation of the next witness which would have to be in on it because that next witness would have seen the original block/transaction first and would therefore ignore the bad witnesses' block.

Nope... Here is why, and this is a good example of why Nothing At Stake still applies to DPOS.

* Assume I am an evil block producer
* I have identified the merchant I wish to attack by probing, or latency analysis or any other means whereby I know I can reach them more quickly than a general network broadcast
* I produce two blocks at the same height, one fake block which I send directly to the merchant and another which I intend to broadcast
* He accepts my fake block, and I subsequently broadcast the real block to the network, performing the double spend

The reason this works is because block production has 0 cost. In POW this is very much harder because producing a block has a very high cost. This is the essence of the nothing at stake attack.

[monsterer]

Using the profitability metric, the security of the blockchain depends upon whether or not it is more profitable to be a censorship free mining pool or to start censoring transactions

The profitability of attacking the chain is related to the cost of a double spend vs the amount you can double spend in one go.

You continue to ignore the point about double spending in DPOS being free in the worst case.

[bytemaster]

In DPOS the COST of a DIRECT attack is much higher  $1.5M dollars for BitShares 0.9 to gain control of all delegates via "frontal attack" compared with going after 51% of BTC.

Yes, but only a fool would attempt a direct attack when social engineering is free. One elected block producer can perform double spends continuously, and at zero cost until they get voted out, which in the new system is 24 hours minimum. In POW, the cost of a double spend is super linear in the number of blocks.

The cost to attack BTC is the cost of getting a TRUSTED mining pool operator to TURN. 

This is inaccurate. The cost of attacking BTC is the opportunity cost which the pool suffers (their margins) and THEN it is the cost of producing X blocks, which is super linear in the number of blocks.

Compromising one witness does not give you unlimited ability to perform a double spend attack.   To perform the "double-spend" they would have to broadcast the transaction 1 block before their turn, then skip the block that included their first transaction and produce a block that contained an alternative transaction... *AND* have cooperation of the next witness which would have to be in on it because that next witness would have seen the original block/transaction first and would therefore ignore the bad witnesses' block.

This means that you need at least 2 witnesses to attempt a double spend and you could only do it any time those two witnesses were randomly selected to follow one another.   

Lastly you could only perform the double spend attack as part of an anonymous transaction (ie: paying someone who does not know your identity) and the transaction and the other party would have to accept single confirmation transactions and then take some kind of irreversible action.   As a result meta-exchange, block trades, and exchanges would require several witnesses to sign (up to 51% of the witnesses).    Because most witnesses will be publicly known with real identities and reputations on the line, the risk of criminal charges for a provable intentional double spend that is not rectified is enough to prevent it from happening altogether.

The opportunity to execute large, anonymous transactions involving irreversible actions in less than 10 seconds will be vanishingly small.   Once it was detected everyone would be on notice to wait 10 seconds until 10 of 19 witnesses have signed and to vote out the attackers.    Therefore, you could probably pull off the double spend "ONCE", the profit earned would be small compared to the value of the income from the witnesses.

[bytemaster]

http://bytemaster.github.io/update/2015/09/29/Bitcoin-is-100x-less-secure-than-commonly-believed/

[monsterer]

In DPOS the COST of a DIRECT attack is much higher  $1.5M dollars for BitShares 0.9 to gain control of all delegates via "frontal attack" compared with going after 51% of BTC.

Yes, but only a fool would attempt a direct attack when social engineering is free. One elected block producer can perform double spends continuously, and at zero cost until they get voted out, which in the new system is 24 hours minimum. In POW, the cost of a double spend is super linear in the number of blocks.

The cost to attack BTC is the cost of getting a TRUSTED mining pool operator to TURN. 

This is inaccurate. The cost of attacking BTC is the opportunity cost which the pool suffers (their margins) and THEN it is the cost of producing X blocks, which is super linear in the number of blocks.

[consensus-analytics.com]

The cost to attack POW is not the cost they advertize ($414K per day for BTC).   The cost to attack any system is to attack at its weakest link, not its strongest.     For $18,000 per day in transaction fees you could completely cripple the bitcoin network until all of the wallets out there raised fees.  Then once they raise fees you pull off your attack until the wallet providers lower fees... then attack again.    For $18,000 per day you could easily make competing mining pools unprofitable.       

So the argument that it costs X times less to attack it is wrong on its face.        What does it cost to "attack" a swiss bank and get them to change their policy to censor/limit transfers?

You must compare COST to ATTACK vs VALUE of DAMAGE.   VALUE of DAMAGE is measured by how long the attack can be sustained and how costly it is to recover.   

The COST to ATTACK BTC may be $18,000 per day, but the attack can continue indefinitely.    As the attack progresses the value of BTC will fall which will make the attack cheaper to maintain.   

In DPOS the COST of a DIRECT attack is much higher  $1.5M dollars for BitShares 0.9 to gain control of all delegates via "frontal attack" compared with going after 51% of BTC.
In DPOS2 the COST of a DIRECT attack is even higher due to proxy voting and collateral voting raising the barrier

The cost to attack BTS2 is the cost of getting a TRUSTED community member to TURN on the community.  While some men/women are easily bought, other men/women have integrity that cannot be bought. 
The cost to attack BTC is the cost of getting a TRUSTED mining pool operator to TURN. 

If we assume that the cost of getting a mining pool to turn is similar to getting a witness to turn, then the fact that we have more witnesses means it costs more to get 50%
We know that many mining pools charge 0% while others charge 1%.  At 1% with 20% of BTC the mining pool has INCOME of $50K per month, but also has expenses. 

What we can conclude from this is that if witnesses had a combined income equal to that of the mining pools, then the cost to corrupt them would be the same.   

If we keep witness pay at 50,000 BTS per month (as proposed) and had 17 witnesses (as proposed) and BTS grew to be the size of BTC then they would each earn over $70K per month with far lower expenses.

From this I can conclude that the security of DPOS is greater while the cost is LESS which makes if much more efficient.   

I have written a blog post with pretty much the same type of arguments regarding POW vs DPOS security in a more structured form.
Maybe you find it useful to have these arguments in structured form for ppl who don't know the exact context of this conversation here:

http://consensus-analytics.com/pow-vs-pos-a-comparison-of-security-costs-in-open-distributed-ledger-protocols/

[bytemaster]

I don't think anyone is ignoring his *valid* points.    I have yet to see acknowledgement of the counter arguments to his proposal which are ALSO based on game theory.

All your counter arguments are from the POV of the well behaved witness, not from the perspective of the adversary - this even extends to your argument that securing the DPOS blockchain costs X times less than in POW therefore it is X times more efficient, when the actuality is that just costs X times less to attack it.

POS, for all its flaws, has a maximal game theoretical disadvantage to an adversary being the best block producer - they have the most to lose and yet can attack the most easily. In DPOS, such an attack can cost 0, in the case where a block producer has social engineered their way into power.

I have made arguments for why there would be no incentive for well behaved witness.  Providing incentive for good behavior is at least as important as providing distinctive for bad behavior.   Let remove all of the smoke and mirrors and simply assume the following:

1.  To be a witness you must pay $300 per month
2.  If you misbehave then you must pay $100,000

How many witnesses would sign up?  How secure would the network be?    This is what has been proposed to be more secure.  Sure the $300 you must pay are in OPPORTUNITY COST but opportunity cost cannot be ignored.

The cost to attack POW is not the cost they advertize ($414K per day for BTC).   The cost to attack any system is to attack at its weakest link, not its strongest.     For $18,000 per day in transaction fees you could completely cripple the bitcoin network until all of the wallets out there raised fees.  Then once they raise fees you pull off your attack until the wallet providers lower fees... then attack again.    For $18,000 per day you could easily make competing mining pools unprofitable.       

So the argument that it costs X times less to attack it is wrong on its face.        What does it cost to "attack" a swiss bank and get them to change their policy to censor/limit transfers?

You must compare COST to ATTACK vs VALUE of DAMAGE.   VALUE of DAMAGE is measured by how long the attack can be sustained and how costly it is to recover.   

The COST to ATTACK BTC may be $18,000 per day, but the attack can continue indefinitely.    As the attack progresses the value of BTC will fall which will make the attack cheaper to maintain.   

In DPOS the COST of a DIRECT attack is much higher  $1.5M dollars for BitShares 0.9 to gain control of all delegates via "frontal attack" compared with going after 51% of BTC.
In DPOS2 the COST of a DIRECT attack is even higher due to proxy voting and collateral voting raising the barrier

The cost to attack BTS2 is the cost of getting a TRUSTED community member to TURN on the community.  While some men/women are easily bought, other men/women have integrity that cannot be bought. 
The cost to attack BTC is the cost of getting a TRUSTED mining pool operator to TURN. 

If we assume that the cost of getting a mining pool to turn is similar to getting a witness to turn, then the fact that we have more witnesses means it costs more to get 50%
We know that many mining pools charge 0% while others charge 1%.  At 1% with 20% of BTC the mining pool has INCOME of $50K per month, but also has expenses. 

What we can conclude from this is that if witnesses had a combined income equal to that of the mining pools, then the cost to corrupt them would be the same.   

If we keep witness pay at 50,000 BTS per month (as proposed) and had 17 witnesses (as proposed) and BTS grew to be the size of BTC then they would each earn over $70K per month with far lower expenses.

From this I can conclude that the security of DPOS is greater while the cost is LESS which makes if much more efficient.   

 

[monsterer]

I don't think anyone is ignoring his *valid* points.    I have yet to see acknowledgement of the counter arguments to his proposal which are ALSO based on game theory.

All your counter arguments are from the POV of the well behaved witness, not from the perspective of the adversary - this even extends to your argument that securing the DPOS blockchain costs X times less than in POW therefore it is X times more efficient, when the actuality is that just costs X times less to attack it.

POS, for all its flaws, has a maximal game theoretical disadvantage to an adversary being the best block producer - they have the most to lose and yet can attack the most easily. In DPOS, such an attack can cost 0, in the case where a block producer has social engineered their way into power.

[gamey]

Liberty Reserve is a poor analogy.

I have the answer.

Embed the source code ON THE BLOCKCHAIN.  Make all pulls go onto the blockchain proper. There ya go. We're halfway there.

[Geneko]

I don't think anyone is ignoring his *valid* points.    I have yet to see acknowledgement of the counter arguments to his proposal which are ALSO based on game theory.
 

I am sorry because I didnt made my self clear about "valid points":
 
" The changes are also taking into account that the system should run flawlessly if this website and Bytemaster ceased to exist at any time.  The current system is far too bitshares website-centric.  I want to remove as much of the human element as possible and automate as much as possible."

and

" It's supposed to be a "DAC".  Your answer was not autonomous or decentralized at all.  You need to think of a better answer.  Especially one that doesn't entirely revolve around this website. What if they only speak Japanese?  What if they only speak Spanish?
Bitshares is currently designed to draw as little new people in as possible because there's no valid entry point in doing things like becoming a delegate.  Whatever answer you give me should make the assumption that this website does not exist at all as well."

and

" What if a govt entity goes after Bitshares like they did for Liberty Reserve and shut down this website?  There has to be an automated way of replacing delegates with ease:
The delegate replacement process has to be easy, seamless, and as autonomous as possible.  Any solution people suggest that involves asking Bytemaster to let them be a delegate is completely asinine."


It is not the point about his solution but about critics he made about current system.

[bytemaster]

All the tons of discussions on this forum means nothing compared to this one. So I couldn’t thing of more important issue to discus.
Its DPos mechanism. It makes foundation of Bitshares core value proposition. It is like basis for building. If the thing is positioned wrong whole building will be domed to fall.
Many things has changed over million years of human development. From knowledge to technology to organization of society.
But one thing remains constants all along. It is human nature.

Game Theory is best so far in providing logical system for explaining complex human dynamics.
So I am surprised how people ignore r0ach valid points.

Regarding the Ops question I suggest Tribe analogy.
Our system relies basically on its social structure, individual influence and trust in proven individual behavior. Now with its 17 witnesses (Council of Elders) it reassembles tribe structure ….and we all know the chef. 

I don't think anyone is ignoring his *valid* points.    I have yet to see acknowledgement of the counter arguments to his proposal which are ALSO based on game theory.

With proxy voting you can have 1000 proxies all of which wield meaningful influence.... but ultimately it will turn into a multi-party system on many issues as people will tend to align along different philosophies. 

[Geneko]

All the tons of discussions on this forum means nothing compared to this one. So I couldn’t thing of more important issue to discus.
Its DPos mechanism. It makes foundation of Bitshares core value proposition. It is like basis for building. If the thing is positioned wrong whole building will be domed to fall.
Many things has changed over million years of human development. From knowledge to technology to organization of society.
But one thing remains constants all along. It is human nature.

Game Theory is best so far in providing logical system for explaining complex human dynamics.
So I am surprised how people ignore r0ach valid points.

Regarding the Ops question I suggest Tribe analogy.
Our system relies basically on its social structure, individual influence and trust in proven individual behavior. Now with its 17 witnesses (Council of Elders) it reassembles tribe structure ….and we all know the chef. 

[xeroc]

until now

www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CB4QFjAAahUKEwj_rsqp-5nIAhXFWD4KHdBsCkA&url=http%3A%2F%2Fbullion.directory%2Fcern-scientists-create-230m-dollars-gold-in-lab%2F&usg=AFQjCNHcpjSqjeHY7fxPRhcms9q7xiIlog

wait... no... pay no attention to this fact... it is false

Yeah was an April 1st 

Thank god. I almost ...