Board: Altcoin Discussion
Topic: Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin?
by TPTB_need_war on 10/12/2015, 03:06:22 UTC

Apologies, my brain was toast in my prior post after 20 hours of non-stop coding (other than a few minutes to eat and urinate).

---8<---

In Satoshi's design the nodes want to be on the longest chain of PoW. In my design, they want to be on the longest chain of PoW which is not incongruent with the propagated inertia. There are two aspects (PoW and inertia) interlocking and supporting each other synergistically. The reason Bitcoin (Satoshi's design) can't do this distinction is because there is no inertia orthogonal to PoW. If you are thinking the PoW nominates the inertia, so the inertia is not orthogonal, then don't forget another key detail, which is that the duration of nomination is much greater than any statistically objective honest orphan chain length (duration). Essentially my design is a form of anti-aliasing. More PoW resources can gain a larger share of the inertia, but the thing about inertia is that each participant views their own inertia as a priority and so any entity trying to blacklist another's inertia is going to be viewed statistically and objectively as fraudulent and thus that fraudulent PoW can be filtered out and its inertia spirals down. In other words, a greater share of resources doesn't allow you to violate the laws of physics about propagation.

Here is some overview of the conceptual math to make this more concrete.

In Satoshi's design, the probability of your chain not being the longest chain and thus being orphaned is calculated (employing a Poisson distribution approximation) solely based on the number of blocks, z, that have followed (and including) the block containing your transaction. Nowhere in the calculation of the longest chain or probabilities for a double-spend do you see any variable related to anything other than z and the relative PoW power (p/q) of the entity computing a longer chain:

https://bitcoin.org/bitcoin.pdf#page=6
https://bitcoil.co.il/Doublespend.pdf#page=5  (http://arxiv.org/pdf/1402.2009.pdf#page=5)

Here follow references on computing the orphan rate and the statistics about "informed nodes":

http://diyhpl.us/~bryan/papers2/bitcoin/Information%20propagation%20in%20the%20Bitcoin%20network.pdf#page=8
https://bitcointalk.org/index.php?topic=250735.msg2666847#msg2666847
https://blog.ethereum.org/2014/07/11/toward-a-12-second-block-time/#comment-1521884349
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/009916.html
https://dl.dropboxusercontent.com/u/43331625/feemarket.pdf#page=4

As an approximation, as the "average" verification+propagation delay decreases linearly relative to the block period (block period is enforced with PoW difficulty), then the orphan rate and probability of being an uninformed node or on an orphaned chain (at some z) decreases exponentially.

Thus statistically it should be possible to ignore longer chains that become widely informed much later than the probabilities would indicate are reasonable, i.e. one could select a threshold for filtering at say 1/1000 chance without causing appreciable pain to honest miners.

But Bitcoin's nodes can't measure how relatively informed all nodes are for the competing chains (i.e. there is no reference point, everything is totally relative solely to longest chain measured in blocks and/or cumulative difficulty of the blocks), thus it can't incorporate such a statistical anti-aliasing against dishonest mining. What I have initially named "inertia" are the confirmations that occur orthogonal to the PoW chain, which Bitcoin doesn't even have (and the Bitcoin-NG proposal/paper doesn't change this, because confirmations don't occur out-of-order and orthogonal w.r.t. the nomination from the longest chain). Thus in my design there is an objective measurement that is valid from the perspective of each node as to whether one chain (although longer) was withheld from the network or is blacklisting some portion of the network. Again this depends on some very specific changes to the design and propagation of the P2P network, which also depends on an overall change to the way confirmations are achieved and recorded in the block chain. It has some conceptual similarities to a DAG, but I assert (not yet shown publicly) my design rectifies the issues with a DAG that I outlined in my discussions last month with CfB@Iota. Details to be forthcoming in white paper.

So in my design the math—for choosing the longest chain to mine on—includes the calculations about what is statistically fraudulent.

Thus double-spending, blacklisting the minority PoW, and forking the protocol with a 51% attack become statistically implausible (intractable).

In other words, I unconflate confirmation of transactions (which is inertial evidence of who is lying about propagation) with PoW longest chain consensus (and use that consensus only to nominate who can do confirmations). Thus being nominated is permissionless, unless the adversary has 100% of the PoW. The adversary could have 99% of the PoW and the nominated resources, but it would still be objectively clear to the remaining 1% that the 99% is fraudulently blacklisting the minority or forking the protocol and thus the minority's inertia would fork away from the fraudulent inertia. The payer's (non-full node) clients would recognize this also (by monitoring block announcements on both chains and computing relative statistics about delay, noting that block announcements are very light to verify and "fraud proofs" are employed as a security mechanism ... see my recent posts about "segregated witness") and send their transactions through the 1% fork. This of course requires a much longer block period because the propagation delay to any client could be much longer. So in essence the dishonest fork could have 99% of the PoW yet none of the transaction activity. If the 99% PoW fork is not measurably dishonest, then it will of course not be filtered out.

A future white paper will lay out the precise math for peer review.
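
Added example, not part of the original post and not the poster's design: the double-spend calculation from section 11 of the Bitcoin whitepaper linked above, showing that its only inputs are the confirmation depth z and the attacker's hash-power share q (with p = 1 - q), with no propagation or timing term. The function names and the `z_max` search bound are this example's own.

```python
import math


def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker holding hash-power share q ever
    overtakes the honest chain from z blocks behind (bitcoin.pdf, sec. 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker always catches up eventually
    # Expected attacker progress while the honest nodes mine z blocks.
    lam = z * (q / p)
    total = 1.0
    poisson = math.exp(-lam)  # Poisson pmf at k = 0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # pmf at k, built up iteratively
        # Attacker has k blocks; must still close a gap of z - k.
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, threshold: float = 0.001,
                         z_max: int = 10_000):
    """Smallest z with attacker_success(q, z) < threshold, or None if
    no depth up to z_max (an assumed search bound) is enough."""
    for z in range(z_max + 1):
        if attacker_success(q, z) < threshold:
            return z
    return None


if __name__ == "__main__":
    # Depth needed to push the attacker's chance below 1/1000.
    for q in (0.10, 0.20, 0.30, 0.40, 0.45):
        z = confirmations_needed(q)
        print(f"q={q:.2f}  z={z}  P={attacker_success(q, z):.7f}")
    # At or above half the hash power no depth is enough under this model.
    print("q=0.50 ->", confirmations_needed(0.50, z_max=500))
```
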