[Cryptography] Proof of Work is the worst way to do a BlockChain
jamesd at echeque.com
jamesd at echeque.com
Wed Feb 7 20:02:00 EST 2018
On 07/02/2018 08:54, Tony Arcieri wrote:
> There will be a number of proof-of-stake systems launching this year. I
> could say that they operate under a slightly different threat model than
> Bitcoin: they are "permissionless" in that anyone can spin up their own
> chain at any time and interoperate with other chains, but each chain is
> operated by what is effectively a cabal, which does not fit some
> people's definition of what "permissionless" and "decentralized" should
> mean...
>
> ...except the vicious cycle of proof-of-work has lead to the exact sort
> of cabal proponents of some platonic ideal of "decentralized" hope to
> prevent: it only takes two mining pools, either in collusion or through
> compromise, to pull of a so-called 51% attack against Bitcoin with the
> current miner distribution, and greater-than-99% of all Bitcoin
> transactions will be confirmed by less than a dozen mining pools. The
> experiment is a failure: proof-of-work does not work and is not a valid
> solution to the "decentralization" problem. Several chains operated by
> several cabals sounds like it does a better job of being "decentralized"
> than one chain operated by one cabal.
Need open entry into the "cabal", as well as cooperation and secure
efficient transactions between competing cabals, so that there is no
very strong difference between a competing cabal and a side chain. The
cabal should consist of peers in good standing, where the block chain
records a peer's provision of data storage and bandwidth to the chain,
and a peer loses good standing if he deviates from the rules.
Money should be controlled by client wallets hosted by peers, but each
transaction output should be associated with a peer, albeit a client
wallet can change the association without the cooperation of a peer. To
be a peer in good standing requires that the peer hosts transaction
outputs worth substantial value, as well as requiring that the peer
provides substantial bandwidth, storage, and up time.
The definitive version of the blockchain should rest on the vote of the
peers in good standing, and the number of peers in good standing should
be a lot larger than the existing number of dominant mining pools, but
should not be enormously large, perhaps a few thousand peers, a hundred
or so peers in good standing, hosting billions of wallets and hundreds
of billions of unspent transaction outputs.
Normally one peer in good standing, primus inter pares, is approved to
provide definitive approval of the final state of a block, and what he
says goes, except that at any time any of the other peers in good
standing can launch a delay, and hold a vote for a new primus inter pares.
The decision of the primus inter pares becomes effective and final when
evidence is generated, and stored in the block chain, that a majority of
the other peers in good standing have seen and acknowledged the
decision. This is in effect yet another variant of the Paxos protocol.
More information about the cryptography
mailing list