elective-stereophonic
elective-stereophonic
The Paper on Long-Range attack & Nothing-at-Stake singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client: Nxt 1.11.15

Pages: 1 [2]  All

Author Topic: The Paper on Long-Range attack & Nothing-at-Stake  (Read 12181 times)

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #20 on: December 18, 2014, 05:04:53 pm »

How could that helps? A new node will download a valid fake chain with valid fake transactions with properly filled EC fields.

Knowledge of Wallmart account is enough to reject all fake chains.


EC is the kind of singlebranch enforcement, I guess like e.g. Slasher, but more reasonable for me. Further investigation here is needed though.

This is a tough task because pure math won't be enough. An expert in Economics would be handy.
Logged

kushti

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +184/-5
  • Offline Offline
  • Posts: 384
  • Nxt Core & Apps Dev
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #21 on: December 19, 2014, 07:24:52 am »

How could that helps? A new node will download a valid fake chain with valid fake transactions with properly filled EC fields.

Knowledge of Wallmart account is enough to reject all fake chains.

You mean some big stakeholder and transaction generator (a "Wallmart') will try to follow the single branch as there's economic incentive? That could be true, but too many assumptions around.
Logged
for donations / messages: NXT-PKXM-WH25-UXXG-CJAVD (alias: kushti)

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #22 on: December 19, 2014, 07:51:06 am »

You mean some big stakeholder and transaction generator (a "Wallmart') will try to follow the single branch as there's economic incentive? That could be true, but too many assumptions around.

Agree, economic clustering may not work in a decentralized environment (this mentioned in one of the parts of BCNext's plan), these two things look contradicting each other. A lot of work for future researches.
Logged

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #23 on: December 20, 2014, 07:58:32 pm »

Buterin discussed the paper in this thread if either kushti or andruiman want to reply: http://www.reddit.com/r/Bitcoin/comments/2pvt1e/proof_of_work_proof_of_stake_and_the_consensus/

Logged
NXT-CSED-4PK5-AR4V-6UB5V

Fatih87SK

  • Hero Member
  • *****
  • Karma: +127/-36
  • Offline Offline
  • Posts: 2206
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #24 on: December 20, 2014, 08:02:14 pm »

Logged

benjyz

  • Hero Member
  • *****
  • Karma: +71/-4
  • Offline Offline
  • Posts: 508
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #25 on: December 21, 2014, 09:37:52 am »

From the current vision I do not see any connection between long range attack and N@S in the formulations given in the paper. We define the long range attack as a possibility to produce a better chain alone by some account (well, it can contain the same transactions and other stuff, so the balance entropy approach  can pass it).

VB's LRA/N@S formulation is a different one. He defined it in the reddit thread yesterday as

Quote
Attacker goes to all of the participants in the genesis sale, and offers them $5 in exchange for their private keys. Note that every participant can take their funds and move them to a new account, so there is no security risk from participating.

This is nonsense (as I'm used to from VB). Why would anyone sell their private keys? How to even know who the investors where? I mean even if one has the genesis accounts what does one do with them? The stake today is not the stake at the beginning. So LRA in this formulation is no problem at all - and here my entropy argument applies. It is/should not be not possible to re-write history like that. Nxt also has a re-write limit active to prevent LRA.
Logged

jl777

  • Hero Member
  • *****
  • Karma: +718/-123
  • Offline Offline
  • Posts: 6170
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #26 on: December 21, 2014, 10:13:40 am »

From the current vision I do not see any connection between long range attack and N@S in the formulations given in the paper. We define the long range attack as a possibility to produce a better chain alone by some account (well, it can contain the same transactions and other stuff, so the balance entropy approach  can pass it).

VB's LRA/N@S formulation is a different one. He defined it in the reddit thread yesterday as

Quote
Attacker goes to all of the participants in the genesis sale, and offers them $5 in exchange for their private keys. Note that every participant can take their funds and move them to a new account, so there is no security risk from participating.

This is nonsense (as I'm used to from VB). Why would anyone sell their private keys? How to even know who the investors where? I mean even if one has the genesis accounts what does one do with them? The stake today is not the stake at the beginning. So LRA in this formulation is no problem at all - and here my entropy argument applies. It is/should not be not possible to re-write history like that. Nxt also has a re-write limit active to prevent LRA.
combined with the EMP attack is the only way I can see this attack to work.

James

Logged
There are over 1000 people in SuperNET slack! http://slackinvite.supernet.org/ automatically sends you an invite

I am just a simple C programmer

Roiman

  • Jr. Member
  • **
  • Karma: +11/-0
  • Offline Offline
  • Posts: 79
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #27 on: December 21, 2014, 12:28:01 pm »

Great read, thanks...
The N@S does seem like the Byzantine Generals Problem (double spend)
without the PoW there is the problem of node selection to confirm blocks.
centralisation can fix (whats the point) or hallmakerked/prime/trusted nodes can be used 
but bad actors could manipulate the system.
selection of nodes seems to be the essential question to answer but many alternatives have flaws.
i like the idea of a timestamp on the blockchain with some data that cant be manipulated  like
lotto/sports results.
thought the fee with the PoT assisted  with avoiding  attacks?
Logged

HassenBlasques

  • Jr. Member
  • **
  • Karma: +37/-0
  • Offline Offline
  • Posts: 32
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #28 on: January 03, 2015, 09:19:01 am »

This is a tough task because pure math won't be enough. An expert in Economics would be handy.

Hello, I am an economist, teaching a course concerning cryptocurrencies at University of Economics in Prague. I would gladly try to help if you explain me deeper the economic task in it.
Logged
NXT: NXT-EVPU-KNB6-TAYK-8UUZR
UniversityProject: NXT-7AC4-Z4SS-UNXK-DX42X

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #29 on: January 03, 2015, 09:52:43 am »

Hello, I am an economist, teaching a course concerning cryptocurrencies at University of Economics in Prague. I would gladly try to help if you explain me deeper the economic task in it.

As it's known, economy tends to cluster, this is why big cities like New York were formed. Protection against long-range attacks on Nxt is based on assumption that Nxt economy will form a single cluster and the legit chain can be chosen easily by analyzing ratio of transactions made by big players of the cluster.

The question: is the assumption correct or economy based on decentralized technologies doesn't cluster?
Logged

HassenBlasques

  • Jr. Member
  • **
  • Karma: +37/-0
  • Offline Offline
  • Posts: 32
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #30 on: January 04, 2015, 05:05:40 pm »

I read both the papers concerning Multibranch forging and PoS forging algorithms and I do not understand some points:

I don't get how multiple branches can carry the same information. Even if all the branches included the same transactions and malicious attacks were impossible, there still will be differences in the accounts that forged particular blocks and e.g. in the amounts of money on these accounts (because of the fees). What do I miss? A single public ledger (be it blockchain or "blocktree") must always carry single, common information, otherwise it's worthless.

"We showed that in comparison with single-branch strategy the multibranch one is more efficient in terms of the number of generated block (and therefore the fee rewarded)"
- Why should this be true? The fees are not dependent on the number of generated blocks but on the number of transactions that are included in the blocks. A transaction usually has a cause and that is more or less given and independent on the way blockchain (or "blocktree") works. Faster generation of blocks only potentially increases the velocity of money but I'm not confident that it would really make a difference.

If there shall be some big fish like Walmart, they will be much more interested in the stability of the cc as its payment gate than it should look for the fees that are rather irrelevant. If there should be a purpose for Nxt, it barely is making money in fee schemes. Once the net is important or even vital for a major economic player, the player acts in accordance with common interest of the net's users (for he does not want them-the customers-to leave). In case a multibranch system is more effective, a rational behavior would be for Walmart to forge that way instead of trying to earn as many fees as possible.

Decentralized system doesn't mean that it does not cluster. Clustering is natural because it is advantageous. Clusters are advantageous because they a) decrease costs for their members, b) utilize the positive externalities produced by the strong members. Decentralized systems cannot exclude the (market) power of certain agents. Decentralization means that no agents are given extra rights over the others. In other words, decentralized systems are more flexible and the trust is distributed to every single agent (node). Still a trust to Walmart would be incomparably higher and its "gravity" would probably attract a decisive majority of other agents.

Anyway, I can see no reason, why such a cluster would mean that there will be a single-branch. The "Walmart" could run multiple-branches itself, as I tried to point out above.
Logged
NXT: NXT-EVPU-KNB6-TAYK-8UUZR
UniversityProject: NXT-7AC4-Z4SS-UNXK-DX42X

andruiman

  • Jr. Member
  • **
  • Karma: +34/-1
  • Offline Offline
  • Posts: 37
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #31 on: January 07, 2015, 02:43:38 pm »

I don't get how multiple branches can carry the same information. Even if all the branches included the same transactions and malicious attacks were impossible, there still will be differences in the accounts that forged particular blocks and e.g. in the amounts of money on these accounts (because of the fees). What do I miss? A single public ledger (be it blockchain or "blocktree") must always carry single, common information, otherwise it's worthless.

We offer to distinguish the common data and common vision. Generally speaking it is not necessary for accounts to keep the same data to act equally (or equivalently). The main purpose of the blocktree structure is to implement what actually exists. The current Nxt protocol can deal with branches by rolling back blocks, we offer to do it in more natural way keeping the whole tree structure.  There is an inspiring analogue from physics - where are observable and unobservable values, e.g. quantum psi-function with unobservable argument for exp, or vector magnetic potential - all those example leads to very powerful calibration theory and are fundamental property of the nature (as we believe :). In economics this principle also can be applied as we know from the Quantum Finance studies. I spent some of my life to the intellectual property appraisal (math methods) and ready to conclude that the monetary value  of the objects is not observable unless we do a particular transaction, which we can treat as a quantum measurement. The great example could be also taken from the robotics where the pioneering works of S. Thrun gave the probabilistic approach to the self-localization problem as opposite to deterministic.

The same principles we are implementing here through the blocktree structure giving the possibility to maintain maybe different underlying data with the equivalent reasoning.   
Logged

andruiman

  • Jr. Member
  • **
  • Karma: +34/-1
  • Offline Offline
  • Posts: 37
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #32 on: January 07, 2015, 02:48:14 pm »

"We showed that in comparison with single-branch strategy the multibranch one is more efficient in terms of the number of generated block (and therefore the fee rewarded)"
- Why should this be true? The fees are not dependent on the number of generated blocks but on the number of transactions that are included in the blocks. A transaction usually has a cause and that is more or less given and independent on the way blockchain (or "blocktree") works. Faster generation of blocks only potentially increases the velocity of money but I'm not confident that it would really make a difference.

You are right. But that statement is given about the comparison with single-branch forging, i.e. multibranch account can effectively forge more blocks and get proportionally more fee than a single-branch within the same time interval and ceteris paribus.
Logged

kushti

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +184/-5
  • Offline Offline
  • Posts: 384
  • Nxt Core & Apps Dev
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #33 on: January 14, 2015, 04:00:27 pm »

Made a post summarizing known claimed attacks on proof-of-stake (BitcoinTalk) https://bitcointalk.org/index.php?topic=897488.msg10152632#msg10152632
Logged
for donations / messages: NXT-PKXM-WH25-UXXG-CJAVD (alias: kushti)

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #34 on: April 15, 2015, 12:49:01 pm »

@Hassen

I'm not sure which answer you gave to CfB's question  ;D

Is a decentralized economy likely to cluster as the centralized economy is seen to do?

I thought you were saying decentralized economies were likely cluster but then your last line cast doubt in my mind.
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Roiman

  • Jr. Member
  • **
  • Karma: +11/-0
  • Offline Offline
  • Posts: 79
    • View Profile
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #35 on: April 15, 2015, 01:16:27 pm »

I don't get how multiple branches can carry the same information. Even if all the branches included the same transactions and malicious attacks were impossible, there still will be differences in the accounts that forged particular blocks and e.g. in the amounts of money on these accounts (because of the fees). What do I miss? A single public ledger (be it blockchain or "blocktree") must always carry single, common information, otherwise it's worthless.

We offer to distinguish the common data and common vision. Generally speaking it is not necessary for accounts to keep the same data to act equally (or equivalently). The main purpose of the blocktree structure is to implement what actually exists. The current Nxt protocol can deal with branches by rolling back blocks, we offer to do it in more natural way keeping the whole tree structure.  There is an inspiring analogue from physics - where are observable and unobservable values, e.g. quantum psi-function with unobservable argument for exp, or vector magnetic potential - all those example leads to very powerful calibration theory and are fundamental property of the nature (as we believe :). In economics this principle also can be applied as we know from the Quantum Finance studies. I spent some of my life to the intellectual property appraisal (math methods) and ready to conclude that the monetary value  of the objects is not observable unless we do a particular transaction, which we can treat as a quantum measurement. The great example could be also taken from the robotics where the pioneering works of S. Thrun gave the probabilistic approach to the self-localization problem as opposite to deterministic.

The same principles we are implementing here through the blocktree structure giving the possibility to maintain maybe different underlying data with the equivalent reasoning.
never thought of it like that. like a wave of possibility or Schrodinger cat, its not measurable until its measured.
I agree which would encourage different branches.
also i would think clusters form naturally, in a decentralized world there are still cities, companies, organizations, on a roulette table there are clusters of red and black, colors on a bird its nature.
think this makes it easier to visualize decentralized
Logged

allwelder

  • Hero Member
  • *****
  • Karma: +196/-13
  • Offline Offline
  • Posts: 1867
  • NxtChina.org
    • View Profile
    • NxtChina.org
Re: The Paper on Long-Range attack & Nothing-at-Stake
« Reply #36 on: December 29, 2015, 07:07:02 am »

You mean some big stakeholder and transaction generator (a "Wallmart') will try to follow the single branch as there's economic incentive? That could be true, but too many assumptions around.

Agree, economic clustering may not work in a decentralized environment (this mentioned in one of the parts of BCNext's plan), these two things look contradicting each other. A lot of work for future researches.
This means Nxt will be like BTS with centralized super NODE?
Logged
NxtChina |Weibo |Twitter Donation welcomed:NXT-APL9-66GU-K8LY-B3JJJ
Pages: 1 [2]  All
 

elective-stereophonic
elective-stereophonic
assembly
assembly