[Cryptography] [Crypto-practicum] Please critique this mining-free blockchain design
Lodewijk andré de la porte
l at odewijk.nl
Fri Jul 28 18:34:48 EDT 2017
It is quite easy to guarantee a full record, provided the whole record. A
hash & sign is indeed sufficient. The proposed mechanism is too simplistic
- it wouldn't scale at all, and it doesn't exploit the features a
consortium could bring.
Bitcoin solves, for me, censorship and (to a certain degree) privacy wrt
transactions. It also has reliability, and a degree of immunity from the
law (another source of risk). One could say that although Bitcoin is
terribly volatile, it is inherently exceedingly robust.
You'll note Ripple is effectively a consortium of trusted parties doing a
blockchainish move. It's quite hidden how it works nowadays, but it's
probably just mutual ledger signing, perhaps in a contrived package to sell
it better. When last I checked, they obtained much of the
anti-censorship/privacy/reliability by piggybacking whatever transactions
on a bitcoin ledger.
You might like non-proof-of-work chains, like Nxt, which are not very
costly at all. The loss is the difficulty in determining one's actual
security. Mining gives you a nice easy number - hashes-deep-my-tx-is-buried
- that you can convert to actual cost for manipulating one's transaction.
Or Stellar, whose failure modes are less transparent entirely (network
splits aren't great conflict resolution afaik).
The core question here is, why do you want a Trusted Third Party
(consortium) so much? Why isn't a consortium-of-users enough to provide
whatever feature you're looking for?
If it's speed; you'll likely look at network latency primarily. If you're
doing a payment channel it's a RT between the recipient and you, or even
just the time it takes for you to sent (you know it's correct anyway,
provided the network is reliable enough). The action is entirely local so
that seems pretty great. A payment channel can also pass by a trusted
party, in case the RTT to the TTP is shorter.
Better yet is to trust your payment recipient - IOU's, both signed, perhaps
redeemable at a bank/cryptonet of choice, don't even require
ledger-lookups! If you can sue the opposite party afterwards (or otherwise
*permissionlessly* obtain your value), that's far superior.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170729/bd6ff494/attachment.html>
More information about the cryptography
mailing list