I didn't realize such persistence was a requirement of your design.  I was thinking about certificates that are regenerated by a node every time its IP changes, enhancing anonymity and reducing the ability of an adversary to recreate a historical network state.   It may not have been relevant after all. 

A design where IP addresses are transient and used to sign hashes, wherein the next IP to be assigned to a given node is random, would seem to be harder for an adversary with unlimited computing power to precompute and attack.  This extremely-dynamic IP assignment is built into IPv6.  That was the thought.

I was reading up on IPv6 and thought of this project when I read this:

http://datatracker.ietf.org/doc/rfc4941/

RFC4941 Privacy Extentions allows for nodes to randomly shift their IPv6 addresses in order to foil MAC and IP tracking.  I intuit that there are some positive implications for using IP addresses to sign hashes, especially in a KSI regime.

Scumby

My intent in introducing KSI is it is an example of a design along the same lines where

a) a central "mint" can be trusted but verified by peers
b) peers can be trusted because their transactions must signed by the central mint, so you can have a canonical blockchain (blocktree?)
c) there's no replaying of the blockchain possible thanks to information partitioning, but integrity can still be checked by everyone by verifying the hierarchical hash tree calculations. 

If you make the mint nomadic, and you add public chaos to handicap anyone who somehow could forecast the blockchain, I think you would have something better than Bitcoin. 

I think in this scheme, the issue is that the 51% adversary could rig the elections of superpeers.  It's no longer about protecting the historical blockchain from rewriting.  Buldas essentially encodes time into the blockchain in a way that he says is provably resistant to backdating *and* independently verifiable by third parties that do not have access to the full ledger.  For the application he had in mind (signing every syslog entry of every Linux machine in the world) it would have been impractical to distribute every single transaction around.  Here is the summary in the paper you linked to:


I'm rejecting Buldas' statement in bold, which  I believe to be motivated by his commercial ambitions, and substituting your nomadic mint.


It may not have been clear that I was rejecting a central newspaper authority like Buldas designed and Satoshi rejected, and glomming onto your nomadic mint to publish the public top-level hash automatically.  Term limits!

*********

Re: Bitcoin Core, I think where this could lead is partitioning the cryptocoin hash space amongst superpeer-led mining pools, and federating/mixing their respective blockchains up the hierarchy.  That would encourage people to start mining pools instead of scamcoins and scamexchanges.

Let's go back to Satoshi's original paper:


You have already shown Satoshi's counterfactual assumptions here were wrong.  You have solved the problem of a central company controlling the mint with your nomadic mint.  The payee gets proof by cooperating in electing a dynamic superpeer hierarchy and trusting it to prevent double-spend, without seeing every transaction.  Instead of mining independently, the nodes can cross-check the calculations of their superpeer and shoot him if a majority discover he's a turncoat.  The superpeer can in turn try to identify bad nodes to be shunned by the network, and broadcasts intermediate signature hashes for consumption by end nodes.  Superpeers could be spontaneously elected for a term of office.  You are inspired by what mining pools are already doing in practice, but now are incorporating it into a self-organizing cooperative system.  Cool stuff!


We now know that one-CPU-one-vote didn't work out too well once ASICs got into the action.  CPOS solves the majority decision making representation problem by spontaneous election of trusted nodes/mints, and then all the other nodes watch them for misbehavior.  The superpeers, in turn, need to watch out for Sybil attacks and rally honest nodes against them.  This is a more biologically-supported approach than Santoshi's competitive gold mining, if you think about it (think bees and neurons).


Here's what Satoshi says:


The cryptographic proof-of-work blockchain approach used in Bitcoin inherently suffers from replayability and being determinate, which Satoshi solved by starting a computing arms race chasing an exponential function.  POS has the same weaknesses from what I can tell.  In KSI, the blockchain is one-way in time, and cannot be replayed by an adversary, because the complete ledger is not visible to all nodes.  That's a feature, originally designed to enforce a centralized signature upon a single node's transaction, for integrity purposes.  There is a hierarchical summarization by special nodes (like CPOS superpeers and nomadic mints) that broadcast digest hashes, which each end node has to sign onto its own transactions.  Superpeers can be nomadic and elected (that would be an extension of KSI), and are responsible for supervising the nodes within their hash space and time.  The system is still dependent upon 51% honest nodes.

By adding a chaotic parameter into the blockchain hash, I think it would be harder to "surpass the work of honest nodes" in Satoshi's parlance, because it would increase the dimensionality of the precalculation necessary, and hopefully make it harder to design an ASIC around.


My own research indicates that the DRAO at Penticton, BC Canada is the gold standard for 10.7 cm flux, and has been tracking it since the 1950s.  You could define the chaos broadcast as an average of several world observatories.  I think it would be neato if the nomadic mint published the summary Merkle hash, the solar flux value that can be cross-checked, and the resulting hash value.  Not even the NSA can control the Sun.  I don't know how much additional security solar chaos really adds, but it just feels good, doesn't it?

I have only a basic understanding of Bitcoin's internals, so if there is nonsense here due to my own ignorance I apologize.  I think you are doing a tour-de-force job of assimilating a wide cross-disciplinary breadth of ideas here, but I am concerned that the TexAI/Cyc ontology stuff is so alien to most developers that it could torpedo your adoption if you make it too front-and-center.  The AI integration into the CPOS "stew" feels a bit forced; it's evidently a treasured ingredient in your own intellectual "refrigerator" and provides you continuity with your AI work, but you're going to have a hard enough time getting mindshare without having to also persuade engineers that symbolic programming with ontologies is worthwhile for cryptocurrencies.  My .02.

******

I think of KSI as envisioned above as a skip list of Merkle trees, with the skip list built around hashing that is one-way not only in calculation, but also in time.  It does this in a way that is far more bandwidth-efficient than replicating massive blockchains around like Bitcoin.  Guardtime markets this to governments as a way of signing documents and Linux OS log entries with keys that can't be tampered with, in order to defeat future Edward Snowdens from modifying system logs.  I think this same concept could be used for ledger integrity for micropayments as you note, or just about any kind of ledger for that matter.

The implementation envisions a newspaper or central service that would broadcast a top level hash, and providing this service (or enabling a central government agency to provide it, as is done in Estonia) is how Guardtime thinks it will make money.  A nomadic mint performing this function would seem to be preferable to a fixed commercial or government source. 

What has not been explored AFAIK, is what if the nomadic mint's KSI calculation had a publicly visible component that could be cross-checked by any client?  I.e. if the hash function had to mix in a widely observable source of chaos, such as the S&P 500 index closing price or solar flux index.  People might relax about cooperation if the public could "trust, but verify" the calculations of the population of nomadic mints subject to attack by a powerful adversary.  KSI + chaos could be immutable in the past (cannot reconstruct a historical hash with KSI) and the future (chaotic processes are immune to time series forecasting). 

[Lurker decloak]
This thread has reached the point where it could use an injection of keyless signature infrastructure, as invented by Ahto Buldas of Guardtime (I am not associated with them):

http://en.wikipedia.org/wiki/Linked_timestamping

Some forms of global coordination, such as a stochastic cooperative signal that is widely observable, are compatible with decentralized paranoia.  Just ask neurons and ants.

Perhaps Mr. Reed might reconsider his resignation to PKI and central servers with this information.
[/Decloak]