I think we solved the jamming problem with CLTV version of DE. So there was a positive outcome from this thread. I am happy that DE can work.
Yes scrutiny leads to progress.
I think we should celebrate TierNolan's original protocol, the implementation of CLTV in Bitcoin recently, and now my added improvement of "Coin Days Destroyed" to squelch jamming. DE can be a reality! Hooray!
I am excited about you implementing this. All altcoins that are excited too, need to implement CLTV.
Also, how can a PoS coin be attacked using this? Does this mean that PoS coins are more secure as atomic altcoins than PoW?
Unlike hashrate (electricity), stake only has to be purchased once and attack forever, so therefore rental prices for stake should be much lower (since stake costs less than hashrate).
"stake costs less than hashrate" this appears to be the same as saying donuts cost less than springs.
Sometimes the stake required to attack will cost more than hashrate and vice versa. So it all depends on the specific coins being talked about.
I am making a mathematical asymptotic argument similar conceptually to the arguments about Big O and Big Theta computational complexity classes (wherein at any particular/small values the conclusion might be opposite of the asymptotic reality). The point is mathematical structure in that stake only has to be purchased once, whereas electricity has to be paid continuously. Thus in terms of mathematical structure (all other variables the same, e.g. market cap, etc), then hashrate will be structurally more expensive than stake. Stake is not as secure as hashrate because stake is paid once for an eternal attack and hashrate must be paid continuously else the attack ends (is finite in duration). In short, stake enables an infinite duration attack (at no extra cost) and thus stake is free and hashrate is finite and thus it is not free. If you don't believe that, then just consider that one can short a PoS coin (thus recovering the cost of the stake making it less than free) and the market is likely to sell off the coin during any stake-based attack because the market understands the only way to overcome the attack is to fork the coin. Whereas with PoW, the market may ignore the attack because it will be ephemeral unless the attacker can profit from the attack enough to pay for the ongoing cost of the electricity.
This is the fundamental reason that PoS is not secure. Apparently some PoS coins have been attacked with stake, and the common case are the exchanges which control huge amounts of stake.
And I am not thinking it is so easy to cause deep reorgs at will. It could be that the DE for low security coins needs to be done over longer periods of time and in small increments, i.e. overlapped micropayment channels.
I presume I did not adequately explain the economic argument. The point is that once you incentivize profitable PoW attacks, the attacker can now sustain an attack indefinitely (or the DE is abandoned). Thus there is no longer period of time which is sufficient (from a mathematical structural perspective, although there might be particular cases that are secure, you can't state them with equations that enable reliable decisions). I understand you want to find some reasonable middle ground, but I presume you would play with fire if you pursued this similar to those who argued that PoS was an acceptable middle ground (yet even today we see that Bitshares' DPOS is probably controlled by a few exchanges and I think someone told me Nxt is controlled by a dictator).
I comprehend and am aware of the stance that says nothing is perfect and choose some practical middle ground. But I argue we can do better than some muddled middle ground where for example Bitcoin is already controlled by a Chinese mining cartel that has 65% of the hashrate and is provably lying about the Great Firewall of China being a hindrance for them (their motivation is obviously to make higher profits with higher transaction fees by constraining block size). This outcome I predicted in 2013; I even nailed in 2013 the block size as the specific failure mode, and everyone was arguing at that time that I was loony. Their % of the hashrate will increase on the next block reward halving this year, because the marginally profitable miners are the first to go (and I suspect the Chinese mining cartel is getting subsidized electricity with political connections/corruption).
You can make the reasonable argument that the insecurity of the proposed cut & choose algorithm only impacts those altcoins without CLTV and thus it is better than no DE for those coins. In that case, maybe I can agree with that. But do fully acknowledge the Pandora's box security threat so enabled (but at least isolated to those who trade for those altcoins). Thus I don't think it will be a very popular case, if proper disclosures are made. Who would trade BTC for an altcoin where they might lose their funds due to an attack (particularly even a long-range lie-in-wait attack) and where the developers of that altcoin are unable to add the CLTV op code.
I am not convinced by general statements, especially when they have counterexamples that prove they are incorrect. I can easily name many PoS coins that are more expensive to obtain stake enough to attack against a set of PoW coins whose hashrate is lower.
Of course there are scenarios where a PoW coin pays less % of debasement to mining thus requires less cost for a short-term attack than a PoS coin with a huge market cap. This is primarily because Satoshi's PoW design is incorrect. I have a solution to this by making mining unprofitable so that no debasement is paid for mining.
Both the current PoS and PoW designs are flawed. That is one of the major innovations I am working on.
Sorry, general scare statements don't work on me.
The generative essence statement I made upthread was referring to the fact that given no reference point, DE would not be secure. Without a reference point, nothing can be proven about crypto currency (e.g. double-spends can't be prevented, etc), thus the requirement for a reference point is essential (even Satoshi's PoW suffers from the fact that it is probabilistic and didn't solve the Byzantine General's Problem because it can't identify an attack from a non-attack because the longest chain rule is self-referential). I can make such a general statement and be 100% certain there is no possible exception, because it is a fundamental inviolable mathematical structural issue.
The reference points are provided by my upthread "Coin Days Destroyed" suggestion a few days ago and the point yesterday in this thread about hard-coding the destination addresses in the CLTV. In other words, those reference points do not depend on future confirmations, but are past history (the age of the UTXOs being spent) and future invariants (the hard-coded destinations).
I was just starting treatment for fatty liver disease over the past 2 days (along with running around getting a diagnosis and other foggy brain matters) so apologies that only this morning did I feel alert enough to write a coherent explanation such as this.
Only specific failure cases, which can then be generalized and solutions usually devised. I know that if I just say, sure in theory it won't work and don't push for a solution, then it would limit things to BTC <-> LTC and gradually more and more, so at worst it is a slow process, but we don't have to outrun the bear, we just need to be more secure than a CE.
There is a distinction between theory and inviolable mathematical structure. I will give you another example that I learned when I started to teach myself cryptography over the past 3 years. That is zero knowledge proofs are impossible without an asymmetric trap door function, i.e. they can't be done with hash functions. That is not theory. It is an inviolable fact due to the mathematical structure.
I think if the user can set the timeout values they can decide to accept the risk of blockchain reorg'ed after the swap. NXT PoS limits any reorgs to 720 blocks, so for NXT if the timeout is set above 720 blocks, then it will be beyond the reach of any attack. Couldn't any coin use data from the BTC blockchain from some hours in the past to create a backstop from massive reorg? By using the massive PoW of BTC, a PoS or weaker PoW would get an externally verifiable reference? Why couldn't that be used as the generative essence you say is required?
And if BTC data from recent past is good enough for a generative essence from infinite depth reorgs, then if a timeout is set to be past that, don't we have the finite time from attacks (PoW and PoS) and avoid the mathematical apocalypse you write about above. And so, if the DE submitted OP_RETURN data into all the supported altcoins with data from BTC, wouldn't all such chains get a backstop? Considering you said it was impossible on multiple occasions, there must be some basic error with the above. Just like there are external factors that need to be considered for attacks, there can be external factors that can be injected into the defense.
So, let us assume we have bi-directional generative essences of protection. The altcoin chains put into their blockchain data from BTC blockchain of recent past (-2hrs?) and the BTC blockchain in turn puts altcoin data into its blockchain. OP_RETURN can be used on all to put a hash or two in all chains. This creates a supernetwork of interlinked blockchains, doesn't it? With all of them backstopped by BTC making it the foundation technically for all the blockchains.
My analysis is that the DE allows people to trade without using a third party escrow (CE function) and this is more decentralizing as the funds are now mostly in peoples wallets instead of a big giant pile in Big Vern's accounts. So if you are claiming that DE is bad, then I think you need to consider that a CE centralized trading funds across ALL the coins that are traded at once.
With DE, let us accept your assertion that it will allow some attacker to reorg any chain at will to any depth, as I am sure I couldn't have solved an impossible problem with this post vs. the practical cost of setting it up. Even with this point asserted, I claim that DE provides a better environment as an attack event affects just that one coin, not ALL coins at the DE.
So unless the existing situation of aggregated CE dependency is better for altcoins without CLTV, the DE is an improvement. AND much more importantly, if an altcoin starts trading using the DE, this provides a much stronger impetus for them to add CLTV as compared to the possibility of trading on the DE.
My analysis incorporates the big picture that includes getting altcoins to upgrade. As for the coins without dev teams... At least they can keep trading via DE even after all the CE get hacked to bits or discontinue them.
Doesn't the DE thus improve the situation for the altcoins? From the BTC maximalist point of view, if a lagging altcoin gets out of favor since it is continually attacked, then the DE acts as a spur to evolve. But primarily the DE reduces the concentration of deposits in the CE and gives people more options.
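The OP_RETURN backstop sketched in the post above, written out as an added illustration that is not code from this thread or from any DE implementation: an altcoin transaction commits to a Bitcoin block hash in an OP_RETURN output, and a verifier only treats the commitment as a usable reference if it names a Bitcoin best-chain block buried at least a chosen number of blocks deep. The `DE01` tag, the constructed Bitcoin chain view and the 12-block (about two hours) age threshold are assumptions.

```python
import hashlib

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
MAX_OP_RETURN_PAYLOAD = 80  # standard relay limit for OP_RETURN data

def push_data(data: bytes) -> bytes:
    """Minimal push encoding for payloads up to 255 bytes."""
    n = len(data)
    if n < OP_PUSHDATA1:          # 1..75 bytes: the length byte is the opcode
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([OP_PUSHDATA1, n]) + data
    raise ValueError("payload too large for this helper")

def build_anchor_script(tag: bytes, btc_block_hash: bytes) -> bytes:
    """scriptPubKey: OP_RETURN <tag || btc_block_hash>."""
    payload = tag + btc_block_hash
    if len(payload) > MAX_OP_RETURN_PAYLOAD:
        raise ValueError("payload exceeds standard OP_RETURN limit")
    return bytes([OP_RETURN]) + push_data(payload)

def parse_anchor_script(script: bytes, tag: bytes):
    """Return the committed Bitcoin block hash, or None if not a tagged anchor."""
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    i, n = 2, script[1]
    if n == OP_PUSHDATA1 and len(script) > 2:
        i, n = 3, script[2]
    payload = script[i:i + n]
    if len(payload) != n or i + n != len(script) or not payload.startswith(tag):
        return None
    return payload[len(tag):]

def anchor_is_usable(committed: bytes, btc_chain: dict, btc_tip: int, min_age: int) -> bool:
    """btc_chain maps block hash -> height on Bitcoin's best chain (assumed to come
    from a trusted Bitcoin node); usable only if the block is >= min_age deep."""
    height = btc_chain.get(committed)
    return height is not None and btc_tip - height >= min_age

def demo():
    """Constructed data: Bitcoin heights 100..112, tip 112, 12-block age (~2h)."""
    tag = b"DE01"  # constructed marker, not a real protocol identifier
    chain = {hashlib.sha256(b"btc-block-%d" % h).digest(): h for h in range(100, 113)}
    anchored = hashlib.sha256(b"btc-block-100").digest()
    recovered = parse_anchor_script(build_anchor_script(tag, anchored), tag)
    too_young = hashlib.sha256(b"btc-block-105").digest()  # only 7 blocks deep
    return (recovered == anchored and anchor_is_usable(recovered, chain, 112, 12),
            anchor_is_usable(too_young, chain, 112, 12))
```

A commitment that a Bitcoin node does not recognise as a best-chain block, or that is not yet buried deep enough, is rejected rather than trusted, which is the property the backstop depends on.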