sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<bramc>
nsh: The person who's giving the talk doesn't have it on her home page, which strongly implies that it isn't on the web at all.
<midnightmagic>
bramc: My pet favourite is namecoin, and the current devs there at least seem to be making an honest effort, and offloading a large chunk of what would otherwise be entirely blockchain spam.
<nsh>
ah
<midnightmagic>
bramc: but you're absolutely right, IMO. More's the pity. It's almost like the problem itself lends itself to competent developers running away as fast as they can.
<midnightmagic>
(And also therefore monolithic developer communities who work super tightly together.)
<bramc>
Yes namecoin is a real project too.
<bramc>
To be fair, it's hard to come up with actual features for an altcoin to have, so a lot of developers who investigate it seriously just wind up working on Bitcoin.
raedah has joined #bitcoin-wizards
<bramc>
Sort of like what I'm doing, but I'm still working on an altcoin. Still working on getting the underlying math to a decent place though.
dEBRUYNE has quit [Ping timeout: 240 seconds]
supasonic has quit [Ping timeout: 276 seconds]
supasonic has joined #bitcoin-wizards
<bramc>
To that end, there's been some advance on proofs of space. I had this bright idea that a proof of space can have a root value and a number of bits of its space, k, and to make a response to a challenge you need to find two k-bit strings which have the first k bits of the hashes of them, the root, and k itself collide, and the response to the challenge is the hash of both of those put together. Its quality is the difference from
<dgenr8>
forking the bitcoin chain is a respectable way to distribute coins, if your alt is compatible enough. easier for BTC holders to love
<bramc>
This trick still has TMTOs, but they aren't as good as simply hashing is. There are two interesting further improvements proposed.
<bramc>
My further improvement is to have repeated rounds of hashing. That one I said is level 1, it takes two level 1 values to make a level 2, etc. That seems to make the TMTOs get kind of sad after just a few iterations and doesn't make it much more expensive to produce
<bramc>
Also has the nice feature that looking up challenge responses is still trivial.
<gwillen>
bramc: you got cut off at "Its quality is the difference from" I think, a few lines back.
<bramc>
gwillen: Its quality is the difference from the challenge
<nsh>
dgenr8, are you suggesting mainchain forks as a periodic jubilee system?
<nsh>
that might be quite progressive if it worked without problems (which i doubt it would)
gmaxwell has left #bitcoin-wizards [#bitcoin-wizards]
<bramc>
Asset holders tend to not like jubilees
* nsh
nods
<nsh>
i originally had "hostile forks" for that reason
<nsh>
though you might argue that it would tend towards making people maximise their non-transferable value
<nsh>
which might make for better human beings
<bramc>
Krystoff made the much more mathematical and beautiful suggestion of making the hash function be a modular root. That enforces an exact random permutation, and you can have a collision be between the two things which are the same except for their last bit.
<bramc>
We have bankruptcy these days, which is sort of like jubilees. Still have inherited wealth though, which is a fairly dubious concept.
* nsh
nods
johnwhitton has quit [Quit: johnwhitton]
<nsh>
(creditors are still repaid with priority in most bankruptcies)
<nsh>
the closest analogy to jubilees is the periodic abandonment of global monetary systems
<nsh>
which tends to write off a bunch of dubious derivatives
<nsh>
and is largely healthy and we're due another at some point, i suspect
<nsh>
i don't understand the modular root observation
<bramc>
About modular roots: We're looking for two k-bit strings which both hash to the same value. Ideally they would all come in perfectly arranged pairs, rather than a random distribution
<bramc>
I will cut and paste, with apologies to Krystoff:
Iriez has joined #bitcoin-wizards
<bramc>
we'd need a family of one-way permutations over small domain (sth. like {0,1}^{30}) , here by one-way I mean the best inversion algorithm is as (in)efficient as algorithms for ideal random permutations.
<bramc>
A suggestion is to sample a 30 bit prime P and then use the OWP x -> g^x where g is a generator of a group of order P (should be a group over elliptic curves, not say prime order subgroups of Z_q^* as the latter allows for algorithms like index calculus that are even much better than the regular T/M trade-offs).
<nsh>
how does that guarantee a collision pairs?
<nsh>
-a
<bramc>
nsh: It guarantees a random permutation, so if you lop off the last bit you've got pairs
<nsh>
oh, of course
<dgenr8>
nsh: a forkcoin is more like a rights issue than a jubilee. BTC holders have this new thing, which probably isn't worth much to start with. i've thought maybe it could work for zerocash
<bramc>
Anyways, the problem with applying the same sort of hash function on the second iteration is that it's only dependent on the value collided on, not the values which lead up to it, so the TMTO resistance isn't improved any.
<thekrynn_>
was wondering if someone could help me with a Q about ASIC devices
<Taek>
thekrynn_: better to just ask the question
<thekrynn_>
From what I understand about ASIC, you can use it to generate SHA256d (people say that it's useless for anything besides mining)
<thekrynn_>
what I'm wondering is... if I had an actual use to do so, is there an ASIC device that would allow me to take a preexisting list of numbers and sha256d them to a file?
<thekrynn_>
or to stdout or to a program... etc...
<Taek>
You can write an ASIC to do any computation you want
<Taek>
the thing about an ASIC is that it only does *one* type of computation
<thekrynn_>
basically I'm trying to find a different way to hash a list of input data
<thekrynn_>
instead of doing it via CPU (which is very computationally heavy)
<thekrynn_>
type of hash... doesn't matter to me
<thekrynn_>
as long as it's considered random
<Taek>
ASICs are extremely expensive to manufacture, I doubt that's the solution you want
<Taek>
for hashing, GPUs are often faster than CPUs by a factor of 10-100
<thekrynn_>
so I couldn't repurpose existing ASICs to do that?
<Taek>
also, blake2 is very fast
<thekrynn_>
I've found it faster, although CUDA seems to be the bottleneck
<Taek>
no, you can't repurpose existing ASICs
<Taek>
the inability to repurpose them is what makes them ASICs :P
<thekrynn_>
I'm waiting on the pascal series
<thekrynn_>
so ASIC refers to the workflow more so than the computation
<thekrynn_>
a lot of forums I've been looking through seem to be misinformed about that
<thekrynn_>
i.e. I've read 100s of pages that say "oh if you want to do sha256d, yeah.. you can use them all day long"
<thekrynn_>
when talking about bitcoin usbs
<Taek>
well, if your data looks sufficiently like a Bitcoin header, or if the ASIC is general enough to take arbitrarily sized input, then you might be able to reuse the ASIC
<thekrynn_>
my workflow is basically:
<thekrynn_>
integer with padding -> hash of any type >= 32char
<Taek>
a single integer?
<thekrynn_>
yup... I'm basically doing this for billions of integers
<thekrynn_>
and I'm doing them one by one
<Taek>
then yes, you could probably get that to work with a Bitcoin miner, bitcoin headers are 80 bytes
priidu has joined #bitcoin-wizards
<Taek>
can I ask why you are hashing billions of integers?
<thekrynn_>
data science
<Taek>
more specifically?
<thekrynn_>
set theory approximation
<thekrynn_>
which has to do with hash byte ordering overlap
<bsm1175321>
Taek: i'll put my braids code on github today, so you can make prettier diagrams. ;-)
<bsm1175321>
I've gone back and forth on exactly how a rewards algorithm should work, it would be good to discuss, and simulate...
MaxSan_ has joined #bitcoin-wizards
<nsh>
oO
MaxSan_1 has quit [Ping timeout: 246 seconds]
<nsh>
Taek, whose blog is that at sia?
<bsm1175321>
It's his. ;-)
<nsh>
ah, grand :)
<Taek>
bsm1175321: my rewards strategy targeted fairness as much as possible. All miners should get the same winnings per hashrate
<c0rw1n>
sooo "put all the miners in the same pool, problem solved" ?
johnwhitton has joined #bitcoin-wizards
<Taek>
c0rw1n: did you read the post? It makes pooling almost unnecessary.
<c0rw1n>
haven't read no :-/ but then i'm mostly lurking here for the insightainment (which is better than drugs) because i'm totally unqualified to actually contribute
<CodeShark>
Taek: thanks for the post - it's an improvement over the napkin drawings ;)
<bsm1175321>
Taek: fairness, defined as constant reward/hashrate is easy to achieve, but I've been worrying also about delayed blocks and what to do about them.
<bsm1175321>
In bitcoin they cause the selfish mining problem -- which doesn't occur if miners can't write their own coinbase, eliminating that race.
<bsm1175321>
With braids, delayed blocks cause cohort size to increase, which if taken too far is a denial-of-service, because creating a cohort is O(n^2), and the size of the cohort grows exponentially fast with decreasing block/bead time.
hdbuck has quit [Quit: hdbuck]
hdbuck has joined #bitcoin-wizards
<bsm1175321>
Long ago I proposed a reward weighting which punishes slow blocks, but this also creates an incentive to centralize, and a dis-incentive to run over an anonymizing network e.g. Tor/I2P.
alpalpalp has quit [Ping timeout: 260 seconds]
<bsm1175321>
So right now I'm thinking to simply have a constant reward per bead, and add a hard cutoff for *very* late beads (they would be discarded).
<bsm1175321>
Taek: commenting is disabled on your blog. Would you like feedback here?
<bsm1175321>
It strikes me that (in bitcoin) since miners report time in their blocks, and that time is used in the retarget calculation, there's an incentive for miners to mis-report the time so as to increase the coins allocated per unit real-time.
<bsm1175321>
In bitcoin blocks can mis-report time by up to 2 hours, and with a retarget window of 2 weeks, miners could systematically report times 2-hours later than actual, to cause an increase in coin allocation of 0.6% per retarget interval.
<bsm1175321>
Pursuing such a strategy results in an 85% APY...what's to stop miners from doing this, today?
<Taek>
bsm1175321: feedback here is good. There's a way for me to enable comments but I forget how
<Taek>
I have an unforgiving cutoff for late blocks, more than ~10 minutes late and you get no reward. If you can't propagate your block in 10 minutes you simply can't mine.
<Taek>
Today, miners could misreport time to keep the difficulty low, but full nodes will reject blocks that are too far into the future.
<Taek>
I don't like the way that Bitcoin depends on time but don't have a better solution, I've thought about it quite a bit though
<Taek>
The increased revenue is pretty small compared to the sacrifice of having a chain that most nodes won't accept until X hours later. Every 25btc of income requires you to push the chain permanently forward by 10 minutes
<bsm1175321>
Taek: full nodes would only reject blocks that are more than 2 hours late. So the strategy is to misreport time to be *close* to but less than 2 hours late. I don't think any sacrifice is required.
blackwraith has joined #bitcoin-wizards
<katu>
bsm1175321: that would be so if the block time median lived in vacuum, but afaik block time is compared to external time
<c0rw1n>
hm, but wouldn't other miners be likely to find blocks within those 2hrs? or is that counted in already and i'm being an idiot again
<katu>
so it's not possible to induce time drift, unless you move system clocks on majority of nodes too
<bsm1175321>
katu: One miner couldn't do it alone, but if all miners decided to move their clocks forward by 2 hours, they could increase the coin allocation by 85%/year.
<dEBRUYNE>
Abstract: As of this writing, the algorithm employed for difficulty adjustment in the CryptoNote reference code is known by the Monero Research Lab to be flawed. We describe and illustrate the nature of the flaw and recommend a solution. By dishonestly reporting timestamps, attackers can gain disproportionate control over network difficulty. We verify this route of attack by auditing the CryptoNote reference difficulty adjustment code, which we reimplement in the Python programming language. We use a stochastic model of blockchain growth to test the CryptoNote reference difficulty formula against the more traditional Bitcoin difficulty formula. This allows us to test our difficulty formula against various hash rate scenarios.
<katu>
bsm1175321: somewhat related to your concerns was a bug in bitcoind a long time ago. a concerted miner effort could drive difficulty down by slightly drifting time
<katu>
bsm1175321: afaik not even 51% was necessary
<katu>
(i have no idea what exactly was the problem, some sort of block off by one in difficulty readjust)
<pigeons>
it still exists
<pigeons>
it was fixed in altcoins because they get exploited
<pigeons>
because hash majority is obviously easier to obtain there
<bsm1175321>
FYI, braids provide a new mechanism for difficulty retargeting: minimizing the cohort time. It can get the block (cohort) time down around 1s, set by the inherent latency of the network. (similar to Taek's blog post above)
<katu>
got confused by altcoins with short readjust where getting "51%" by chance is much more likely
<bsm1175321>
dEBRUYNE: If like me you're too lazy to check out the monero repo and latex that paper yourself, here you go: http://www.trollandtoad.com/p131769.html
<Taek>
katu: blocks that are more than 2 hours in the future are not rejected permanently, they are only rejected until they are no longer 2 hours in the future
damnesia has left #bitcoin-wizards [#bitcoin-wizards]
<Taek>
in the meantime, other miners could build a fork, but if the future-time fork is heavier, the future-time fork will eventually win, unless the current fork is sufficiently close
<katu>
Taek: i meant in context of online consensus (where you constantly race with rest of the network). in offline they indeed are eventually accepted.
<katu>
Taek: yeah, but the future time still has to be 51% collusion. one interesting scenario would be indeed pools collectively doing this in a race to the bottom (as they compete for profitability)
<Taek>
if the future fork is mining with say, 90% of the hashpower, there's little risk that it will lose. In fact, it's a good mechanism to double spend because blocks in the current fork will always be reorg'd once time catches up to the future fork
<katu>
if there weren't fears of backlash and crashing the price they might've done so already
<katu>
then again, I don't see why people worry so much about this, it's a collusion like any other
<katu>
if miners collude, the protocol is doomed in a lot of ways
<Taek>
well, the effective throughput is kept at 1mb. Miners may be able to secure their winnings ahead of time, but they can't collect them any faster than they already could
<Taek>
in that sense, there's not much to gain from the collusion here
ThomasV has joined #bitcoin-wizards
hashtag_ has quit [Read error: Connection reset by peer]
<Taek>
bsm1175321: with regards to point 1 in your comments, as soon as the double-spender releases the first block, people are going to start building on it. By the time they release the second block, there will be a lot of work burying the original block
<Taek>
furthermore, per protocol rules, they have to release that second block within ~10 minutes otherwise it's going to have an illegal gap when it gets merged into the broader chain
<Taek>
basically, you've only got a tight window in which you can double spend. After about 10 minutes, the chances of a successful double spend drop dramatically
<Taek>
this is equivalent to waiting for 1 confirmation in Bitcoin
<Taek>
*2 confirmations
<Taek>
because the block rate is so much higher, the probability that an accidental reorg disrupts a 5MB confirmation is virtually zero, and the probability that a 49% hashrate attacker can execute a double spend on more than 6MB is also near-zero
<Taek>
I haven't done the exact math but I'm guessing you start approaching cryptographic-grade probability after a block is confirmed by as little as 6MB
<Taek>
(for anyone who didn't read, in the 'Jute' proposal height is measured by block size instead of by block count, and difficulty is set proportional to block size)
<Taek>
For point 2, allowing conflicting blocks is required for fairness. If we disallow conflicting blocks, a miner with better network connection or better hashrate is going to be able to mine blocks strategically such that competing miners will end up mining losing conflicting blocks
<bsm1175321>
Taek: Releasing blocks in such a manner causes them to be "parallel" with respect to the cohort structure (e.g. in the same cohort), so it's impossible to tell which came first, from graph structure alone.
<bsm1175321>
I agree it's a tight window.
<Taek>
how do you resolve having two parallel but conflicting blocks?
<bsm1175321>
They define forks, as usual.
<Taek>
how do you select a fork then?
<bsm1175321>
By the usual highest-work rule.
dnaleor has quit [Ping timeout: 246 seconds]
<Taek>
ok, so blocks aren't allowed to commit to cohorts with conflicts
<bsm1175321>
If miners aren't making this selection, the number of forks explodes. This is basically the miner's entire job. (but see the "inclusive blockchain" idea of "direct simulation")
<Taek>
but that does mean that you will have winners and losers
<Taek>
well, having an exact ordering resolves this problem
<bsm1175321>
Of course. If you mine on a conflicting fork, you do lose.
<bsm1175321>
This loss is basically a consequence of the speed of light, and non-synchronous nature of reality. I don't think there's any way to "fix" it that can't be gamed.
<Taek>
it's bad to lose, because if you have a slow network connection, you won't know if you are mining on a block which might be in conflict or not
<Taek>
I think Jute effectively resolves this problem :)
<Taek>
It's made possible with the strict ordering
<Taek>
*exact ordering
<bsm1175321>
I'm aware that's possible -- I've thought about it because if you want to run a network like Ethereum on such a structure, you're required to make a total ordering of all transactions, due to data dependency.
<bsm1175321>
Because of the lack of external dependencies in bitcoin's script, it's trivial to determine the data dependency of its transactions, because it reduces to the dependency of its inputs.
<Taek>
in Jute, there is great uncertainty about the utxo set for the recent 5MB of activity, if you haven't seen all the blocks you aren't sure what order things are going to be in, and therefore which double spends will be selected by the network
<bsm1175321>
An interesting consequence of this is that a bitcoin-like script network can be faster than an Ethereum-like network by around a factor of 4.
<Taek>
but, after the 5MB barrier, it's very unlikely that the set you know will be reorged
<Taek>
effectively, Jute does not change the confirmation time that Bitcoin has, though it does increase the block rate
<bsm1175321>
Taek: I think you need to more clearly define what the UTXO set is and how/when/where it gets defined, WRT the blocks. Iota is making this mistake. They effectively never have a UTXO set.
<Taek>
ok, should be pretty easy
dnaleor has joined #bitcoin-wizards
<bsm1175321>
If you allow conflicting parents, your UTXO sets multiply...
<Taek>
The utxo set is defined by the tip of the longest thread that you are aware of, but, the 'confirmed' utxo set is defined starting from the block 5MB backwards from that
<Taek>
no, because after you order the parents, you can eliminate the conflicting transactions
<Taek>
so, you accept the transactions as a part of the chain, but not as a part of consensus
<bsm1175321>
Each conflicting tx in each parent has to be in a different UTXO set.
<Taek>
*losing internet
<Taek>
(travelling)
<bsm1175321>
Ok. I'm gonna put my braids code up. Obviously I'm too slow with this and people are interested... ;-)
<Taek>
with regards to point #3, difficulty is also tied to block size. Miners are expected to make fake transactions if there are no real transactions to fill the void
laurentmt has joined #bitcoin-wizards
<Taek>
there's some room for network + validation optimization there obviously, perhaps a giant empty OP_RETURN would be allowed or something
laurentmt has quit [Client Quit]
<katu>
bsm1175321: honestly, all the GHOST-like proposals i've seen ultimately lack the elegance of simplicity
koshii has quit [Ping timeout: 260 seconds]
<katu>
state machines which are only intuitively reasoned about, instead of simple graphs seem scarier to me
<bsm1175321>
katu: I'm not a fan of GHOST, nor Ethereum's variant. It seems extremely arbitrary.
<bsm1175321>
Taek: I'm not a fan of saturating everyone's network link either... :-/
<bsm1175321>
There's an "On-Chain Scaling" virtual conference, that's the next time I'm going to talk about this...
<Taek>
bsm1175321: you can optimize out the empty txns at the network layer. Though my current assumption is that there will be enough legit transactions to keep everyone saturated regardless.
<Taek>
*following increased adoption
raedah has quit [Ping timeout: 276 seconds]
<bsm1175321>
Taek: then what's the point of actually creating blocks that saturate the bandwidth? You could just give fixed rewards, independent of the block size instead, and it has the same effect as the optimal miner strategy in your proposal.
<Taek>
If it's not clear, Jute does have a fixed reward/time setup. The difficulty adjustment does cause some variance, but it's not large
<Taek>
Glad you asked, it's not yet explained in the post. The point of having variable block difficulties is to allow tiny miners to be able to solo-mine.
<Taek>
At 5kb, you can find a block every day with a $2000 ASIC, which is a high enough frequency to allow solo-mining
<katu>
Taek: if i get it right, in jute, small miners can gang up in a fork (with succession of low difficulty, but numerous blocks) and overpower powerful miner branch, right?
<Taek>
on the other hand, because of things like CoinJoin and CT, you may want transaction much larger than 5kb
<Taek>
katu: yeah, by merging each other's chains, they effectively act as a pool without actually needing to be a pool
<Taek>
and then as soon as the big miner releases its blocks, those blocks can be merged as well, without permission
<katu>
Taek: they'd still need to gang up intelligently, to avoid orphans, ie there would have to be different bandwidth tiers. obviously the smaller miner you are, the more bandwidth / lower latency you need
<Taek>
A big miner with <50% hashrate is not going to be able to create a thread that outpaces the rest of the network, though the miner may be able to maintain short term leads due to latency advantages
<bsm1175321>
katu: There should be no orphans in such a setup.
Aranjedeath has joined #bitcoin-wizards
<katu>
bsm1175321: ultimately what it does is lower block rate
<katu>
or more like, each branch runs at its own pace
<bsm1175321>
katu: that's one consequence, yes.
<katu>
bsm1175321: so you get geographically separated "gangs"
<katu>
one swarm in china, one in europe
<katu>
they'll keep orphaning each other
<Taek>
katu: where do the orphans happen? The gangs will keep merging each other, and form effectively larger gangs
<Taek>
the deadline for a merge is set to be large enough that blocks can **easily** propagate all over the world
<katu>
Taek: I'm assuming the rest more or less works like bitcoin, I didn't realize it's ghost-like which can adopt orphans :(
<Taek>
why ':(' ?
<katu>
Taek: complex graph, or more like, complex state machine to implement the graph rules
<Taek>
the incentive structure is much better than in GHOST
<Taek>
oh
<Taek>
it's not that complex :P
<Taek>
the only complexity is in knowing how to create the exact ordering. Once you have that, it operates basically the same way as the bitcoin blockchain
<katu>
Taek: i'd be fine with gangs orphaning each other, and instead implement complex heuristics in networking to incentivize orphan avoidance
<katu>
which would be neater as the consensus rules would stay "clear", and gangs would be forced to self organize according to internet topology instead
<katu>
what you're doing with fancy graphs is working around laggy internet
<Taek>
the graph building has 2 rules!
AaronvanW has quit [Remote host closed the connection]
<bsm1175321>
katu: I think that's one way to look at it. It's taking the laggy internet, and its actual topology into account, instead of throwing out a number like "10 minutes" (which is way slower than dictated by the network) and hoping it works.
<katu>
Taek: exact ordering of what? transactions?
<Taek>
katu: exact ordering of blocks
<katu>
hmm
<Taek>
you have this DAG graph that's messy, and then you have 2 simple rules for turning it into a standard chain
<katu>
Taek: I'm mostly concerned about conflicting transactions. and various unintended consequences, like introducing conflicts to influence graph shape
<pigeons>
10 minutes does work
<katu>
yep, 10 minutes is simple and elegant :)
<Taek>
the graph ordering is fully ignorant of the transaction contents
<bsm1175321>
pigeons: It does, but it's at least 600 times slower than necessary. And inelegant.
<katu>
if you want instant transactions, there are better ways to do it
<pigeons>
it's likely slower than necessary, but i'm a long way from agreeing with your 600 times premise
<katu>
like make previous transactions vouch for priority ("instant") transactions to be included in a future block, form loose online consensus, and then vouch for future blocks when they include the instant transactions. it is still prone to small race windows which must be judged by the tx recipient, but ultimately, one can do it without making the base consensus complex
<katu>
and can be moved out of it
<bsm1175321>
pigeons: actual ping times are ~500ms round trip.
<katu>
*previous winning miners
<katu>
bsm1175321: real self-organizing p2p can do about 250
<katu>
ie approach the technical values
<bsm1175321>
katu: I know. That's the goal. So pigeons that's a factor of 2400. :-P
<katu>
i still see no need for introducing complex graph, when orphan rate itself is incentive for miners to seek optimal network propagation
<bsm1175321>
The orphan problem results in the selfish mining problem, halving the security of the network.
<katu>
selfish mining vanishes the moment rewards are from fees
<bsm1175321>
Also, 10 minutes is way too damn long for me.
<pigeons>
any decrease from 10 minutes isn't worth the risks, 10 minutes is so quick compared to days!
<katu>
yeah, waiting for 60 permanently competing forks inflight to converge is no fun ;_;
<bsm1175321>
pigeons: So it's on any alternative proposal to prove there are no risks, or the risks are acceptable compared to the risks with bitcoin as it stands...
<katu>
but that's mostly bitcoin network code doesn't make an attempt to self-organize in low latency cliques
<katu>
*mostly because
<katu>
which it could, with no need for hard forks.
roman__ has joined #bitcoin-wizards
hdbuck has quit [Quit: hdbuck]
supasonic has quit [Ping timeout: 244 seconds]
supasonic has joined #bitcoin-wizards
dnaleor has quit [Ping timeout: 250 seconds]
nuke1989 has quit [Remote host closed the connection]
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
dnaleor has joined #bitcoin-wizards
alpalp has quit [Quit: Konversation terminated!]
alpalp has joined #bitcoin-wizards
dnaleor has quit [Ping timeout: 276 seconds]
alpalp has quit [Quit: Konversation terminated!]
alpalp has joined #bitcoin-wizards
dnaleor has joined #bitcoin-wizards
supasonic has quit [Ping timeout: 246 seconds]
supasonic has joined #bitcoin-wizards
tromp_ has joined #bitcoin-wizards
hashtag_ has joined #bitcoin-wizards
supasonic has quit [Ping timeout: 276 seconds]
tromp_ has quit [Ping timeout: 276 seconds]
supasonic has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 276 seconds]
jtimon has quit [Ping timeout: 260 seconds]
alpalp has quit [Ping timeout: 240 seconds]
alpalp has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
alpalp has quit [Ping timeout: 246 seconds]
JHistone has joined #bitcoin-wizards
lysobit has quit [Ping timeout: 250 seconds]
Aranjedeath has quit [Ping timeout: 276 seconds]
raedah has joined #bitcoin-wizards
GAit1 has joined #bitcoin-wizards
GAit has quit [Ping timeout: 252 seconds]
raedah has quit [Quit: WeeChat 1.5]
raedah has joined #bitcoin-wizards
dnaleor has quit [Quit: Leaving]
raedah has quit [Quit: WeeChat 1.5]
belcher has quit [Read error: Connection reset by peer]
belcher has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Jeremy_Rand_2 has quit [Read error: Connection reset by peer]
Alopex has joined #bitcoin-wizards
tromp_ has joined #bitcoin-wizards
tromp_ has quit [Remote host closed the connection]