[Cryptography] [Crypto-practicum] Please critique this mining-free blockchain design

Ron Garret ron at flownet.com
Tue Aug 1 13:37:00 EDT 2017


On Jul 28, 2017, at 3:34 PM, Lodewijk andré de la porte <l at odewijk.nl> wrote:

> It is quite easy to guarantee a full record, provided the whole record. A hash & sign is indeed sufficient. The proposed mechanism is too simplistic - it wouldn't scale at all, and it doesn't exploit the features a consortium could bring.
> 
> Bitcoin solves, for me, censorship and (to a certain degree) privacy wrt transactions. It also has reliability, and a degree of immunity from the law (another source of risk). One could say that although Bitcoin is terribly volatile, it is inherently exceedingly robust.
> 
> You'll note Ripple is effectively a consortium of trusted parties doing a blockchainish move. It's quite hidden how it works nowadays, but it's probably just mutual ledger signing, perhaps in a contrived package to sell it better. When last I checked, they obtained much of the anti-censorship/privacy/reliability by piggybacking whatever transactions on a bitcoin ledger.
> 
> You might like non-proof-of-work chains, like Nxt, which are not very costly at all. The loss is the difficulty in determining one's actual security. Mining gives you a nice easy number - hashes-deep-my-tx-is-buried - that you can convert to actual cost for manipulating one's transaction. Or Stellar, whose failure modes are less transparent entirely (network splits aren't great conflict resolution afaik).
> 
> The core question here is, why do you want a Trusted Third Party (consortium) so much? Why isn't a consortium-of-users enough to provide whatever feature you're looking for?
> 
> If it's speed; you'll likely look at network latency primarily. If you're doing a payment channel it's a RT between the recipient and you, or even just the time it takes for you to sent (you know it's correct anyway, provided the network is reliable enough). The action is entirely local so that seems pretty great. A payment channel can also pass by a trusted party, in case the RTT to the TTP is shorter.
> 
> Better yet is to trust your payment recipient - IOU's, both signed, perhaps redeemable at a bank/cryptonet of choice, don't even require ledger-lookups! If you can sue the opposite party afterwards (or otherwise permissionlessly obtain your value), that's far superior.

I want both speed and efficiency.  I want an electronic currency that is as fast, reliable, and cheap as cash.  If we are in physical proximity to each other then I can transfer a dollar to you by handing you a dollar bill.  That process takes a few seconds, and it’s very reliable and efficient.  There’s some fixed overhead in the form of taxes to support the TTP (the U.S. government), but the incremental cost per transaction is essentially zero.

Mining-based cryptocurrencies can never be fast or efficient.  Being slow and inefficient is the very foundation of their security model.

The reason I don’t want a consortium of users is that I want it to be at least potentially as universal as cash.  I want to be able to pay anyone using this system just as I can with cash.  The vast majority of users are not technically savvy enough to participate in a ctyptocurrency consortium.  Even if it could be made to work somehow, I don’t really see the benefit.  I’d rather pay someone who knows what they’re doing operating in a competitive market to provide this service.  I believe in specialization and division of labor.

rg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170801/7482eb2a/attachment.html>


More information about the cryptography mailing list