@DesheShai I would argue that the 50% attack resilience you mentioned is not the result of PoW but the result of how Satoshis voting mechanism does not operate in rounds where you have to "prematurely" finalize decisions. This allows actors to continuously adjust their opinion and ...
@DesheShai ... ultimately converge to all add weight to the same winning outcome.
If you operate in rounds (like all contemporary BFT style consensus mechanisms) and declare a decision to be final once you have reached 67% of the weight (to move on to the next round), then an attacker ...
If you operate in rounds (like all contemporary BFT style consensus mechanisms) and declare a decision to be final once you have reached 67% of the weight (to move on to the next round), then an attacker ...
@DesheShai ... that controls >1/3rd (i.e 34%) could switch the outcome of the voting which leads to the lowered security threshold in each round (waiting for more weight would challenge liveness).
If you do however never finalize decisions and allow actors to converge post-reaching a ...
If you do however never finalize decisions and allow actors to converge post-reaching a ...
@DesheShai ... threshold, then you will have the same convergence properties as in PoW based systems where at some point you will have 100% of the voters approving a decision which consequently requires >50% of the weight to revert it.
The reason why existing BFT style consensus ...
The reason why existing BFT style consensus ...
@DesheShai ... mechanisms operate in rounds and accordingly lack this kind of "post-threshold" convergence which gives PoW its superior security is not a limitation of the idea of having a known validator set but is simply related to the fact that nobody has ever built a never-ending ...
@DesheShai ... voting mechanism that could track deterministic confirmation thresholds without relying on rounds.
What makes Satoshis ideas of a never ending voting so powerfull is that it is not a binary consensus (i.e. is a block final or not, is a certain vertice in a DAG a ...
What makes Satoshis ideas of a never ending voting so powerfull is that it is not a binary consensus (i.e. is a block final or not, is a certain vertice in a DAG a ...
@DesheShai ... checkpoint or not) but that it is a "continuous colored voting" that can choose between a potentially unbounded number of competing forks (mostly at different heights) with a fixed and constant messaging complexity. This allows it to operate in a "never-ending mode" ...
@DesheShai ... which grants it its superior "convergence properties" ultimately leading to its 50% resilience.
Not operating in rounds also get's around the liveness issues of traditional BFT style consensus mechanisms as nodes never need to reach a threshold to advance to the next round.
Not operating in rounds also get's around the liveness issues of traditional BFT style consensus mechanisms as nodes never need to reach a threshold to advance to the next round.
@DesheShai It is important to note, that even never-ending voting mechanisms (like BTC, Kaspa or ours) still rely on a somewhat accurate perception of the "passing of relative time" (measured by the hardware clock) to continously adjust system parameters like mining difficulty and so on ...
@DesheShai ... but this is conceptually very different from finalizing decisions at the end of rounds and not carrying forward weights.
Our consensus is the first "continuous colored voting mechanism" that is able to vote on an unbounded number of competing conflicts (rather than a ...
Our consensus is the first "continuous colored voting mechanism" that is able to vote on an unbounded number of competing conflicts (rather than a ...
@DesheShai ... single value like the longest chain) with a fixed and constant messaging complexity and is accordingly able to track deterministic confirmation thresholds for individual conflicts without having to rely on rounds.
Of course declaring sth. confirmed is still somewhat ...
Of course declaring sth. confirmed is still somewhat ...
@DesheShai ... problematic (if more than 1/3rd of the weight turn malicious at that very moment) but since our finality is not really deterministic in the traditional sense of being irrevertible, this threshold is simply a "sane default value" (that is in line with expected BFT ...
@DesheShai ... thresholds) at which we notify the user, that a transactions is unlikely to be rolled back.
A user that expects a higher threshold of malicious actors can also wait longer in the same way as a user can freely choose after how many blocks to accept a Bitcoin transaction.
A user that expects a higher threshold of malicious actors can also wait longer in the same way as a user can freely choose after how many blocks to accept a Bitcoin transaction.
@DesheShai But even though we ultimately reach the same security and liveness properties as PoW systems, there is still one remaining benefit of PoW and that is that it taps into an unbounded external resource for sybil protection - namely the amount of fees that users are willing to ...
@DesheShai ... pay over time - which through PoW pile up as "real world commitments" (in the form of burned energy) to provide settlement security for the entire network.
In the absence of block rewards, this means that PoW derives its entire superior settlement security by allowing ...
In the absence of block rewards, this means that PoW derives its entire superior settlement security by allowing ...
@DesheShai ... users to pay a fee that "hopefully" ends up financing blocks of miners extending the longest chain.
While the inclusion of external actors for settlement security is very desirable, the "hopefully aspect" is a bit questionable and the very possibility of user commitments ...
While the inclusion of external actors for settlement security is very desirable, the "hopefully aspect" is a bit questionable and the very possibility of user commitments ...
@DesheShai ... ending up financing a secret attacker chain is in my opinion unnecessary if you instead allow users to directly commit to the preferred state. Instead of measuring social consensus / agreement through game theory and the proxy of burned energy we just measure social ...
@DesheShai ... consensus directly and while this is of course less "exact" (as it has to be "subjective" to be permissionless) it will ultimately most probably be "good enough" as continously asking a randomly chosen subset of the honest population is almost equivalent to asking ...
@DesheShai ... everybody (Avalanche and every pre-election poll is based on exactly the same ideas).
Stellar has tried to formalize the ideas around such a sybil protection: arxiv.org/pdf/1906.09314… but since the voting mechanism of Stellar is based on mutual peering and p2p queries it ...
Stellar has tried to formalize the ideas around such a sybil protection: arxiv.org/pdf/1906.09314… but since the voting mechanism of Stellar is based on mutual peering and p2p queries it ...
@DesheShai ... makes the network feel somewhat permissioned and not scalable. In our model, the United Nations don't have to trust you back, if you want to use their statements as a way to reach a higher degree of settlement security.
Compared to that Stellar paper we also don't let ...
Compared to that Stellar paper we also don't let ...
@DesheShai ... the trusted actors vote directly but use PoS to create a precise pre-agreement between them upfront. Just imagine me trusting my grandma, and you trusting your grandma. Our validator sets have 0 overlap, but assuming both of our grandmas are online, and an active part of ...
@DesheShai ... the network that both regularly make statements, then they will commit to the same decisions. If we assume that PoS is secure in the sense of being able to provide short-term agreements (including real-time slashing to protect against malicious committees), then we will ...
@DesheShai ... both still reach the same protection against long range attacks as both of our grandmas will commit to the same state and are accordingly a "representative member" of a subset of the entire honest population of nodes.
The fact, that all votes are "public" and the block ...
The fact, that all votes are "public" and the block ...
@DesheShai ... delay is minimal (since each block only contains at max a single tx) makes me assume that we can measure misbehavior almost in real time (everybody sees that validators switch to a minority chain) leading to possible real-time slashing capabilities according to ideas that ...
@DesheShai ... Vitalik discussed here: vitalik.ca/general/2018/0… which should ultimately make us resilient against even 99% attacks on the PoS level but this needs additional research to see if my assumption will hold in practice.
But even if we assume that the pre-consensus can ...
But even if we assume that the pre-consensus can ...
@DesheShai ... temporarily be broken (>33% of stake turns malicious and our weak subjectivity protection doesn't work), then we would still expect the network to converge to a single chain again as even nodes that share 0% overlap in their validator sets still tend to converge to a ...
@DesheShai ... single opinion if the trust relationships form a "network" as layed out in that Stellar paper and equally verified by us as part of our Cellular Automata based line of research.
Now coming to what you wrote: I think the comparison to a finality block is not too far ...
Now coming to what you wrote: I think the comparison to a finality block is not too far ...
@DesheShai ... fetched, even though nobody really issues such a block. Instead users simply include a commitment to their local ledger state in each of their blocks that (after consensus) is the same for everybody. If a malicious node commits to something else then nodes will perceive ...
@DesheShai ... that as a competing commitment chain that they would only switch to if it is heavier AND has more support by trusted actors.
In practice we don't even process or forward these blocks in our "consensus engine" other than requesting compact weight proofs for their claimed ...
In practice we don't even process or forward these blocks in our "consensus engine" other than requesting compact weight proofs for their claimed ...
@DesheShai ... weight from the neighbor that broadcasted this malicious statement.
Since all nodes are signing the same hashes, you can construct a "virtual block" that is comprised of a list of all actors that signed the commitment, which can consequently be used to create the weight ...
Since all nodes are signing the same hashes, you can construct a "virtual block" that is comprised of a list of all actors that signed the commitment, which can consequently be used to create the weight ...
@DesheShai ... proofs I mentioned. We are planning to use sth like this: eprint.iacr.org/2020/1568.pdf
The biggest questions are most probably how to enable the identification and management of real world identities and their mapping to the ledger to make this work well. I have written a ...
The biggest questions are most probably how to enable the identification and management of real world identities and their mapping to the ledger to make this work well. I have written a ...
@DesheShai ... blog post about a new form of tokenomics that aims to extend the capabilities of DLTs to provide long living sybil protected identities for web2 as one of its key features and that tries to establish a compelling framework for managing these identities directly in the ledger:
@DesheShai Sorry for the wall of text - you can also pull out of the discussion if it gets too much.
I am not sure if you are honestly interested or just trying to be polite :P
I am not sure if you are honestly interested or just trying to be polite :P
• • •
Missing some Tweet in this thread? You can try to
force a refresh
