Possible? I don't see how it's possible to draw a picture to have longest-path-as-the-score rule to be broken by an adversary.
"Longest-path-as-the-score" differs from what is proposed in the whitepaper. We were talking about another algo.
Longest-chain. There can only be one. Reverting to a block chain, except that chain grows per TX and not per block. But afaics double-spend coherence and complex game theories thereof would require you to violate the CAP theorem.
Simple. Just allow special coinbase txs that additionally need to reference the previous coinbase tx and need so much PoW that they can only happen on average every 10 mins:)
This magically moves Nash equilibrium towards superwide DAG.
Bottleneck to what? It is only recording checkpoints. It is not slowing down the forward advance of the DAG. It is orthogonal, except for the coinbases which can be spent into the DAG (after sufficient # of blocks to be probabilistically sure of coinbases not being reverted by an orphaned chain).
What is this blockchain supposed to checkpoint? DAG topology? Then this blockchain must possess fragmentation flexibility of DAG which is impossible in high-load, unless DAG waits for the blockchain to catchup. You can wait for 1 month before getting ability to spend coinbase coin, but once a corresponding checkpoint is recorded into the blockchain a greedy miner will generate another (better) tip containing a double-spending transaction invalidating tip which has been recorded.
in the event a honest guy tries to reference a legit tip and the attacker's tip, he'll detect the contradiction and won't do it. Therefore, the attacker's subtangle will be abandoned.
This requires not just an honest guy, but a diligent one as well.
The risk is that honest guys will be lazy and rely on others to go far back in history to check all tx for double spending.
The lazy guys risk that their tx's will be abandoned, because the majority of the nodes won't reference them.
That is precisely how I would have answered. It is quite clear that everyone has a strong incentive to be on a correct branch, else any time down stream someone can broadcast a notice that a branch is incongruent then that branch gets abandoned.
But doesn't this mean that there is a great incentive to not include tips in your branch, because these don't yet have enough veracity to be sure they won't end up being a double-spend. In your system there is often no way to prove which of the double-spends were first, so they both are invalid.
Seems to me no one has an incentive to lengthen instead of broaden the tree. But I haven't absorbed the white paper. Did you address that?
Yes. As mentioned somewhere above on this page (or maybe on the previous one), the (default) referencing algorithm works in such a way that it prefers tips with bigger height. So, if you're too lazy and reference some very old tx's, you take the risk that your tx won't be referenced by others.
But that default doesn't seem to be the correct game theory? This is Prisoner's Dilemma game. Afaics, lower incentive to go first on including a new tip. Just noticed yesterday
this research on cases where the pessimistic Nash equilibrium is claimed not to hold (but on quick glance I ponder if they have overly simplistic assumptions in their models).
Obviously if everyone defects to making their own branches (maximally broaden the tree), then no one's tips get lengthened and thus the entire system doesn't function. But is the optimum strategy the default that you assume?
We assume that the node knows that most nodes will behave well, and so it's obliged to behave well too.
The attacker doesn't publish it untill he has enough transactions referencing the second doublespending transaction.
The second doublespending won't be referenced because the longest tip already contains the legit transaction.
Anyhow, we are discussing now with CfB ways to define better referral algorithms, which would permit to fence off such attacks in a more efficient way.
Contrary to my initial
upthread enthusiasm, I am leaning towards this DAG concept can not work because it appears to attempt to defeat the CAP (Brewer's) Theorem. Before I was thinking the multiple (multifurcating) branches are orthogonal, but it becomes clearer from the game theory issues quoted above, that there are complex dependencies. Analogous issues as the following appear to apply to DAG:
The key failure in your design is the lack of incentive to have a consensus. What is the incentive for voting nodes to agree with the correct fork and for minority nodes to agree with the majority fork? Seems to me they can all disagree and no one can prove otherwise, because they can pretend to have never heard the votes of others (no way to prove receipt of a vote on the internet). This shows that without the objectivity of a PoW, then there is no objectivity and you end up in chaos.
Primarily this is mitigated by the fact that if a node doesn't create a fork, there is nothing to vote on, no consensus is needed. If I have a signed block chain A0->B0->C0 and it's published, no one can vote between C0 and let's say C1 because there is no signed C1. If you don't sign forks, no one can vote on your transactions.
I don't comprehend your notation and its applicability, but I was just thinking conceptually that you have a these N block chains operating orthogonally, thus one one can receive the transfer of value from the other. Then you can have double-spends and what not. So then you can have different block chains disagreeing about a plurality of different orthogonal block chain states. There is no global unified state, that is the entire point since missing the global PoW block period to force timely consensus to this single objective reality. If we don't want a global state, then we must use a
probabilistic forking structure such as Iota's DAG to obtain
Byzantine fault tolerance. You've conflated the independence with the determinism required for global coherence. Global coherence with individual realities (relativism) can only be probabilistic. I believe this follows from
Brewer's theorem which says it is impossible to have all three of consistency, availability, and partion tolerance.
In PoW, miners have an incentive to reach consensus because otherwise their rewards won't be honored by the longest chain. In your system the majority of the vote is the winning fork, except there is no penalty for delaying for an indefinite period acknowledging receipt of such a vote. Thus complex game theories arise. Even more critically, the majority vote may be split among multiple forks, such that there is no consensus, because you have multiple chains thus a plurality of permutations of forks.
I do want readers to note which of the three posters in this thread was able to state directly the design error. That should be instructive to investors.
Well-behaved nodes are configured to flip their vote if they observe their fork variant as having fewer votes than another. The only way to vote is to have a balance tied up in the network. To vote to confuse the network is to destroy its value which destroys your investment. The incentive is to retain value in the system rather than accumulate rewards through inflating everyone else.
Not necessarily. They could collude to steal value from another fork by double-spending to the other fork and then disagreeing about the objective time of spending. Perhaps other complex game theory as well. Also it may not be intentional. Per my point above, the objective reality may be indeterminate and the system may have a plurality of minority realities (votes). That is what I expect to be the normal mode due to chaos theory.