[Cryptography] Our leader opines on cryptocurrencies

jamesd at echeque.com jamesd at echeque.com
Tue Jul 23 20:00:23 EDT 2019

On 2019-07-22 5:35 am, james hughes via cryptography wrote:
>> On Jul 20, 2019, at 8:32 PM, jamesd at echeque.com 
>> <mailto:jamesd at echeque.com> wrote:
>> Assume the processing is shardable with mutually trusting shards that 
>> do not suffer byzantine failure.
> If there is mutual trust -and- the entire chain is not being shared 
> outside the trust circle,'

You are describing a system wildly different from that which I thought I 
had described.

Since I was unclear, I will repeat in different words.

The objective is to implement the blockchain in a way that scales to one 
hundred thousand transactions per second, so that it can replace the 
dollar, while being less centralized than bitcoin currently is, though 
not as decentralized as purists would like, and preserving privacy 
better than bitcoin now does, though not as well as Monero does.  It is 
a bitcoin with minor fixes to privacy and centralization, major fixes to 
client host trust, and major fixes to scaling.

The problem of bitcoin clients getting scammed by bitcoin peers will be 
fixed through merkle patricia, which is a well known and already 
widely deployed fix - though people keep getting scammed due to lack of 
a planned bitcoin client-host architecture.  Bitcoin was never designed 
to be client host, but it just tends to happen, usually in a way that 
quite unnecessarily violates privacy, client control, and client safety.

Monero's brilliant and ingenious cryptography makes scaling harder, and 
all mining based blockchains tend to the same centralization problem as 
afflicts bitcoin.  Getting decisions quickly about a big pile of data 
necessarily involves a fair bit of centralization, but the paxos proof 
of stake protocol means the center can move at the speed of light in 
fiber, and from time to time, will do so, sometimes to locations unknown 
and not easy to find.  We cannot avoid having a center, but we can make 
the center ephemeral, and we can make it so that not everyone, or even 
all peers, know the network address of the processes holding the secrets 
that signed the most recent block.

Scaling is accomplished by a client host hierarchy, where each host has 
many clients, and each host is a blockchain peer.

A hundred or so big peers, who do not trust each other, each manage a 
copy of the blockchain.

The latest block is signed by peers representing a majority of the 
stake, which is likely to be considerably less than a hundred or so peers.

Peer stake is delegated from clients - probably a small minority of big 
clients - not all clients will delegate.  Delegation makes privacy more 
complicated and leakier.  Delegations will be infrequent - you can 
delegate the stake held by an offline cold wallet, whose secret lives in 
pencil on paper in a cardboard file in a safe, but a peer to which the 
stake was delegated has to have its secret on line.

Each peer's copy of the blockchain is managed, within a rack on the 
premises of a peer, by a hundred or so shards.  The shards trust each 
other, but that trust does not extend outside the rack, which is 
probably in a room with a lock on the door in premises with security 
cameras running.

Yes, any one peer would be exactly like a central bank issuing fiat 
money, if that peer had the majority of stake delegated to it, and if 
clients could not delegate stake to a different peer.

Most people transacting on the blockchain are clients of a peer.  The 
blockchain is in the form of a sharded merkle patricia tree, hence the 
clients do not have to trust their host - they can verify any small fact 
about the blockchain in that they can verify that peers reflecting a 
majority of stake assert that so and so is true, and each client can 
verify that the peers have not rewritten the past.

Scale is achieved through the client peer hierarchy, and, within each 
peer, by sharding the blockchain.

Clients verify those transactions that concern them, but cannot verify 
that all transactions are valid, because the blockchain is too big. 
Each peer verifies the entire blockchain from beginning to end.  If the 
blockchain replaces the US dollar as the world currency, then it will 
rapidly become far too large for any one computer to verify the whole 
thing, so will have to be verified by a group of mutually trusting and 
trusted shards, but each such group of shards is a peer.  The shards 
trust shards of the same peer, which are likely running on the same rack 
in the same locked room under the gaze of the same security camera, but 
they don't trust shards of some other peer.

In each transaction, each client verifies that the other client is 
seeing the same history and recent state of the blockchain, and in this 
sense, the blockchain is a consensus of all clients, albeit that 
consensus is mediated through a small number of large entities that have 
a lot of power.

The architecture of power is rather like a corporation, with stake as 
shares. In a corporation the CEO can do anything, except the board can fire 
him and choose a new CEO at any time.  The shareholders could in theory 
fire the board at any time, but in practice, if less than happy with the 
board, have to act by transacting through a small number of big 
shareholders.  Centralization is inevitable, but in practice, by and 
large corporations do an adequate job of pursuing shareholder interests, 
and when they fail to do so, as with woke capital, Star Wars, or the 
great minority mortgage meltdown, it is usually due in substantial part 
to heavy handed state intervention.  Google's board is mighty woke, but in 
the Damore affair, human resources decided that they were not woke 
enough, and in the Soy wars debacle, the board was not woke at all but 
gave power over Star Wars brand name to women who threatened them with 
#metoo.  And if this form of distributed power does not always work all 
that well, it fails less badly than anything else we have tried.
Delegated power representing assets, rather than people, results in 
centralized power that, by and large, mostly, pursues the interests of 
those assets.  Delegated power representing people, not so much.

In bitcoin, power is in the hands of a very small number of very large 
miners.  This is a problem, both in concentration of power, which seems 
difficult to avoid if making decisions rapidly about very large amounts 
of data, and in that miner interests differ from stakeholder interests. 
Miners consume very large amounts of power, so have fixed locations 
vulnerable to state power.  They have generally relocated to places 
outside the US hegemony, into the Chinese or Russian hegemonies, or the 
periphery of those hegemonies, but this is not a whole lot of security.

Proof of stake has the advantage that stake is ultimately knowledge of 
secret keys, and while the state could find the peers representing a 
majority of stake, they are more mobile than miners, and the state 
cannot easily find the clients that have delegated stake to one peer, 
and could easily delegate it to a different peer, the underlying secret 
likely being offline on pencil and paper in someone's safe, and hard to 
figure out whose safe.
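The client-side check the post describes (verify one small fact against a Merkle root, then verify that peers holding a majority of delegated stake signed that root), as an added example that is not from the original message. A plain binary Merkle tree stands in for the sharded Merkle Patricia tree, and HMAC tags computed with constructed peer secrets stand in for real block signatures (a real client would verify public-key signatures and never hold peer secrets); all names, balances and stake figures are constructed.

```python
import hashlib, hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(key: bytes, value: bytes) -> bytes:
    return h(b"\x00" + key + b"=" + value)          # domain-separated leaf

def merkle_root_and_proof(leaves: list, index: int):
    """Return (root, proof); proof is a list of (sibling_hash, sibling_is_left)."""
    level, proof = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:                          # pad odd levels by duplicating the last hash
            level.append(level[-1])
        sib = index ^ 1
        proof.append((level[sib], sib < index))
        level = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_proof(leaf: bytes, proof: list, root: bytes) -> bool:
    node = leaf                                     # recompute the path from leaf to root
    for sibling, sibling_is_left in proof:
        node = h(b"\x01" + sibling + node) if sibling_is_left else h(b"\x01" + node + sibling)
    return hmac.compare_digest(node, root)

def peer_sign(secret: bytes, root: bytes) -> bytes:
    return hmac.new(secret, root, hashlib.sha256).digest()   # stand-in for a block signature

def majority_of_stake_asserts(root, signatures, secrets, stake) -> bool:
    """True if peers whose signature on root verifies hold more than half of all delegated stake."""
    signed = sum(stake[p] for p, sig in signatures.items()
                 if p in secrets and hmac.compare_digest(sig, peer_sign(secrets[p], root)))
    return signed * 2 > sum(stake.values())

def client_checks_fact(key, value, proof, root, signatures, secrets, stake) -> bool:
    # A client trusts neither its host nor any single peer: the fact must hash into the
    # root, and the root must be asserted by a stake majority.
    return (verify_proof(leaf_hash(key, value), proof, root)
            and majority_of_stake_asserts(root, signatures, secrets, stake))

# Constructed sample state: account balances, peer secrets and delegated stake units.
ACCOUNTS = {b"alice": b"50", b"bob": b"20", b"carol": b"30"}
KEYS = sorted(ACCOUNTS)
LEAVES = [leaf_hash(k, ACCOUNTS[k]) for k in KEYS]
PEER_SECRETS = {"peer1": b"s1", "peer2": b"s2", "peer3": b"s3"}
STAKE = {"peer1": 45, "peer2": 35, "peer3": 20}

def demo(key=b"bob", claimed=b"20", signers=("peer1", "peer2")) -> bool:
    root, proof = merkle_root_and_proof(LEAVES, KEYS.index(key))
    sigs = {p: peer_sign(PEER_SECRETS[p], root) for p in signers}
    return client_checks_fact(key, claimed, proof, root, sigs, PEER_SECRETS, STAKE)
```

A host that lies about a balance fails the proof step, and a single large peer (45 of 100 stake units here) cannot make a fact "true" on its own.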
