[Cryptography] Proposal for a PoS blockchain

matbit at airmail.cc
Mon May 25 07:06:14 EDT 2020

Thanks for the comments. I will try to respond to all of them. Please let me know if the 
answers were convincing or not, or if there are other questions or 
unclear points. I appreciate all professionals' comments, hints, tips or 

> I find it unlikely everyone would evaluate daily the work done by every 
> contributor.
- It is only a mental barrier. If I know some professionals are going to 
judge my work, I won't close myself off; instead I will learn and improve.
- Not necessarily ALL HAVE TO VOTE or ALL WILL VOTE; only 51% 
confirmation will be enough for approving a proposal.
- Not necessarily ALL WILL vote, since voting is not free (like every 
activity in this network). The voter must pay a small ballot fee.
- After all, over time we can improve the polling system to some more 
efficient alternative. For example, we can implement a liquid 
democracy model in which voters can either vote directly or delegate 
their vote to other professionals, or we can use quadratic voting, 
where individuals allocate votes to express the degree of their 
preferences rather than just the direction of their preferences.

> There is a perverse incentive for shareholders to undervalue the work 
> by other people (up to zero).
Let's imagine the network consists of me myself only, as the initial 
shareholder. Obviously I get all the new money, but what is the point? If I 
do not find somebody who accepts my money in exchange for her/his goods 
or services, the money is worth nothing forever. Because of human nature, 
we prefer to keep more coins for ourselves. If that is not possible, we 
will divide the coins among as few people as possible, and if this is not 
possible either, we will divide them within our clan.
But none of these 3 approaches will help our network, particularly our 
money's value, because "the money's value comes from the expectation of 
future purchasing power." People accept the coin in exchange for their 
goods or services because they believe that tomorrow they can pay with that 
money and buy other goods or services.
Therefore the network has to expand and embrace new members to 
raise the money's usability and applicability in order to advance the 
market range. A bigger community means fewer daily coins for each, but it also 
means more usability and applicability for the community's money.
Hence the community has to grow, and since every decision is made by polling, the 
community has to add more and more honest persons and not corrupt ones. 
Otherwise the community dies in its early steps and its money will never be a 
valuable asset. Implicitly there will be no reason for developers to 
participate in development any more.

> If the good shareholders can remove corrupt shareholders, so could 
> corrupt shareholders remove honest ones.
> In fact, they would probably be more motivated for doing so.
It is possible for both groups, but we should consider the motives for 
establishing a network. If I start a community, my motives are all about the 
"common good", and I strongly stand for it. In sequence, whoever joins the 
network and whose participation I approve will have the same intentions, 
or at least cover a large part of my intentions. So over time the 
community formed around certain principles contains members 
that have almost the same mindset. BTW "this network" and its "rules" and the 
"value of its money" are all governed by the majority of the community via 
polling for every single decision. If the majority are good, the entire 
community and its money will be good; otherwise the community and its money 
will collapse, let alone the fact that this kind of corrupt community 
cannot be formed in the first place.
After all, the software is and will be free (libre) and open source. In the 
worst case, if the 51 percent bad people dominate the network, the 
49% good members of the community can fork a new coin and resume the network 
and history, chain info and every single detail of the network in a new 
graph. They only dismiss the shares of the 51% corrupt ones and everything 
will be fine. Note that the good community does not need to dismiss the money 
of bad actors. They just need to reform the community.

> You cannot "immediately record the transactions in the blockgraph", 
> since there is no one single blockgraph.
> Remember you are working with several lines that are then merged.
> That's why you have that settlement time of 12 hours (it could be any 
> other amount as well, like 5 minutes).
> That's an upper limit on which you expect any issue would be solved.
> It's not clear how you would solve conflicts, either. Remember, it is 
> *distributed*.
It is very complex to explain, but I'll try to do my best. Hopefully I 
will create an animation to explain it well, but for now:
Indeed we record the block and its transactions immediately on the 
graph (DAG), and it will not be reversible at all, but recording a block in the 
graph doesn't mean all of its transactions are valid. So after 12 hours 
a transaction will be matured and its outputs will be spendable. But if 
after 12 hours we find there are two or more transactions which are 
using the same inputs but spending them to different addresses, it is a 
double-spend attack and we have to resolve it. Either we determine the 
first spend as the valid one and reject the rest, or we detect ALL 
transactions as invalid and seize the inputs in favor of the network 
treasury to penalize the attacker. So let's delve into how we determine 
valid transactions.
Most likely after 12 hours, all leaf blocks from the last 12 hours have been merged 
at least one time, and now we can see all blocks in the history of all 
current leaves by moving back through the leaves' ancestors.
For simplicity we assume two transactions x, y that are using the same input 
and spending to different outputs. Transaction x took place in block X 
and transaction y took place in block Y. The problem is that either block X 
or Y can claim it was created before the other one (since the nodes 
create these blocks and an attacker can run a million cheater nodes). So we 
have XcreationTime and YcreationTime. Since we have a network, 
inevitably we will face propagation delay as well. So, for each node there 
will be an XreceiveTime and YreceiveTime, which can/will be different for 
each node. Each node has to decide the order of receiving the blocks and 
broadcast it to all neighbors. The nodes have 12 hours for this 
"informative phase". Of course the nodes do not do this "informative 
activity" for all blocks (to avoid overwhelming the network). They will start it 
immediately after finding a double-spend occurrence and only for those 
particular blocks. So after 12 hours every node has the votes of every 
other node about the receive order of blocks X & Y. Each node has a 
certain amount of network shares and a vote about the order. This 
information is already distributed in the entire network and now each node 
can decide which transaction is valid and which is not. The result 
for all nodes will be the same. Each node uses (vote * voterShares) 
to evaluate the block order. Note that for each node the order is 
important, and the node does not consider the percentage of this 
agreement. So a node can figure out that X is before Y by 10 percent 
agreement, and another node reasons to the same result, X is before Y, but 
with 99 percent agreement. Both are OK and X is the valid transaction. In 
this formula each node uses only XreceiveTime and YreceiveTime as the 
unique fact that a node can trust independently.
There are some ways of cheating, but for the sake of brevity I stop this 
conflict-resolution-process explanation here, and hopefully later in that 
animation I'll explain all possible attack scenarios and the solutions 
as well. But as a last important part of the puzzle I would like to note 
two important timestamps that limit the attacker's ability. 
XcreationTime & YcreationTime are the parameters that the attacker can 
set freely. The only control the nodes do is "if the date is not in the 
future". But after 12 hours, in "import matured transactions", if there 
is double-spending and the gap between XcreationTime & YcreationTime is 
less than 6 hours, definitely both transactions will be determined as 
invalid transactions.

> You mention a daily merge. Who handles that? Isn't that making the 
> system centralized?
When a node wants to create a new block, it has to put the hashes of all 
current leaf blocks in the header of the new block. So the node will include 
all leaf blocks it knows, which already exist in its local 
machine's DAG. It is a merge, and each node does it several times a day, 
and all nodes do it as well. Then the node broadcasts the new block to the 
network. The neighbors will receive this new block, validate it and 
add it to their local DAG as a new leaf block. There is no obligation 
for a node to include all leaf blocks, or not to reject some particular 
leaf blocks, when the node wants to create a new block. If a node does not link 
to a block, probably another node will link to that block and broadcast 
the new leaf block. So at a certain time there will be different nodes 
with different leaves, and definitely at that certain time we can reach 
consensus on DAG members older than 12 hours. Most probably the blocks older 
than 12 hours for all "synchronized" nodes are the same blocks, same 
ancestors and same descendants. There will be a catastrophic situation 
in which a group of nodes does not accept the blocks of a certain group of 
computers, or the group of computers for any reason does not accept 
transactions of certain accounts. In these cases we will face a fork, and 
like other blockchains it must be resolved or it will cause two or two 
hundred forks. It looks like a tragedy, but for me it is OK as well, 
since my proposed network is formed around the mindset of its 
population. That is, the network has some "principles and rules" that 
are coded in software. The participants of the network primarily 
accepted the rules, otherwise they never would have joined the network. The 
"network", the "network's rules" and the "network's money" are 
essentially a "social contract". If there is conflict in any of these 
issues, either we can solve it or a part of the community will leave it and 
create a new community with new money, pretty much like a democracy, but 
with "no cost". Nothing is bad. I guarantee we will never face this kind 
of problem in our network, due to the nature of this network and its 
"community based" money.

> Rather than waiting for 12 hours, you probably want instead to make it 
> work with confirmations from 51% of the shareholders.
> That could be almost immediate or take several days (worst-case, more 
> than 50% shareholders no longer have active nodes, bringing the 
> currency to a halt).
As I explained before, to resolve the conflict it is enough for each node to 
determine the order of blocks after 12 hours. So there is 
no need to wait for 51 percent, but definitely there is a threshold 
for minimum confirmation. If the network cannot provide even this 
minimum threshold, it is not safe at all.
But there is a threat for the network in which the shareholders do not run 
nodes. That is, we have two different entities in the network: the 
shareholders, who earned shares by participating in software development (or 
another kind of development, e.g. design, test, translate, tutorials, 
contents…), and the backers, who dedicate their machines to the 
network and run full nodes and maintain the blockgraph, validate 
transactions and so on. Since we have no PoW and there is no mining, 
the only incentive for backers is transaction fees. In the early days the 
shareholders and backers are the same persons, but over time the backers will 
be a group of people that have a small portion of the network's shares or 
have no shares at all. It could be a threat in case of conflict 
resolving. We can implement a kind of delegate sub-system in which the 
shareholders rent their shares to backers and give them delegation to 
judge "ONLY in double-spend-resolving" and no more grants. BTW it is an 
open issue to consider in the future.

> No, scarcity doesn't give value to the coin.
Scarcity by itself doesn't give value to the coin. Scarcity is 
a feature of "good money". I state the features of "good money" 
here, and I believe the money of our network will be good money.
Generally, good money must have intrinsic value, something like the 
"labor theory of value", but do not stick to that too much. Good money 
must appreciate in value over time. That is, it doesn't lose its 
purchasing power even after decades. It must be regulated and not 
fluctuate too much. It must be scarce and have utility value; meanwhile 
it must have optimal granularity. Good money must support "financial 
sovereignty" and must not be seizable; also it must be cheaply 
transferable. Good money definitely must have the 3 classical factors of 
money: unit of account, medium of exchange, store of value.
If you issue good money, definitely people will buy the "good money" in 
exchange for the bad, cheap, paper fiat money.

> You would be unlikely to get a pizza that way.
It already happened one time for Bitcoin and definitely will happen for 
this money as well, maybe in 2 or 3 years. Eventually, on the first 
day the first person accepts this money for a good or service, the money will 
have a value, say 1 million equal to one dollar. It will be its "price", and 
over time it can increase or decrease.

> You would need to get value through the software being produced.
Absolutely true. "The software" and "its network" and the "people who formed 
this network", as a whole, are creating value in various ways. The 
primary value they are creating is the software itself; although the 
software is free and no one pays for it, people use the software to 
transfer money and pay transaction fees that go into the network maintainers' 
pockets as a kind of income. The second goal for the community's developers 
is adding more and more useful features to the software, in order to 
eliminate all Bitcoin's shortcomings and make the money more popular and 
user friendly. Every small improvement increases the value of the total 
ecosystem. There are immense features and functionalities we can create 
on top of this software and its network.

> For instance, if it's used to manage a restaurant could fund its 
> development by committing to sell X pizzas per newCoin.
This kind of tokens, or coupons, are already implemented, and without 
blockchain or even an internet site they work perfectly. What I 
proposed is way beyond that.

> Alternatively, its value could come from being fashionable to own 
> newcoins (such as a celebrity praising it).
This is not my intention in using blockchain technology. My proposed 
money has "intrinsic value", and it is absolutely important to set "real 
value" for "real work" to solve a "real problem" of the "real world". Of 
course we can implement this kind of token (like Ethereum ERC721) on 
top of our network in order to implement a tokenized economy for shared 
asset management, and it is one of a million possibilities of our future 
development of the software.

> I see no future for a cryptocoin.
Unfortunately, such a great innovation as blockchain is misunderstood 
so far. I strongly believe the blockchain can be used by the people to 
enhance democracy in order to achieve human prosperity. But in the current 
situation, no one has practically used it for this purpose. Cryptocurrency is a 
form of "social agreement" that we can use as a "means of democracy". 
Our software will prepare the necessary infrastructure for that, not just 
a new cryptocurrency.

> * The new coins will become actual shares in the company once the 
> product launches.
I think it is better to have two different concepts. That is, we have the 
shares, which anybody can acquire by participating in activities and 
accomplishing a "real task". Also we have the coins, which everybody acquires 
because of her/his shares. Participants can spend their coins without any 
obligation to lose their shares, although they can sell their shares 
too. Each contributor receives money from the treasury for 7 years in 
proportion to their shares. It is a good incentive for participants to 
continue "good acts" and not "cheating" or "exit scam".

> it might work for a software startup, where:
> * You have multiple people working daily to make a product
> * As part of that work they periodically (perhaps daily or weekly) 
> review each others work and evaluate needed tasks, assigning its worth. 
> This could easily fit into scrum ceremonies, for instance.
That's true, albeit the "software" and "its ecosystem" and "business 
model" are not the same as a classic startup, but we can use some mechanisms 
that typically are used in running a startup (e.g. distributed team 
members, agile/scrum methodology, fast moving, regular releases, and so 
I have dedicated myself 24*7 to this project, although it will not be 
necessary for other participants. You are all welcome to join the 
project, even for one hour per week. We start with software development 
but definitely do not stop there. These are some skills we will 
need soon: programmers, translators, content providers, editors, 
designers, tutorial staff, multimedia providers and so on. Let me know 
if you are interested in participating.
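The double-spend resolution rule described in the reply above (share-weighted receive-order votes, the 6-hour creation-time gap that invalidates both spends, and a minimum confirmation threshold), as an added Python example; this is not code from the proposal's author. The 100-share threshold, the tie handling and the sample votes are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

HOUR = 3600
MIN_CREATION_GAP = 6 * HOUR   # creation times closer than this: both spends invalid
MIN_VOTING_SHARES = 100       # assumed minimum-confirmation threshold (not given in the post)


@dataclass(frozen=True)
class OrderVote:
    """What one node broadcasts during the 'informative phase':
    its local XreceiveTime / YreceiveTime for the two conflicting blocks."""
    node: str
    shares: int            # network shares held by this node (the vote weight)
    x_receive_time: int    # unix seconds
    y_receive_time: int


def tally(votes: List[OrderVote]) -> Tuple[int, int]:
    """Share-weighted sums of 'X before Y' and 'Y before X' (vote * voterShares).
    A node that saw both blocks in the same second counts for neither side (assumption)."""
    x_first = sum(v.shares for v in votes if v.x_receive_time < v.y_receive_time)
    y_first = sum(v.shares for v in votes if v.y_receive_time < v.x_receive_time)
    return x_first, y_first


def resolve_double_spend(x_creation_time: int, y_creation_time: int,
                         votes: List[OrderVote]) -> str:
    """Decide which of two conflicting spends survives maturity.
    Returns 'x' or 'y' (that block's spend is valid, the other rejected),
    'seize' (both invalid, inputs go to the treasury) or 'unresolved'."""
    # Creation times are attacker-controlled, so a gap under 6 hours is not trusted.
    if abs(x_creation_time - y_creation_time) < MIN_CREATION_GAP:
        return "seize"
    if sum(v.shares for v in votes) < MIN_VOTING_SHARES:
        return "unresolved"   # too few confirmations to be safe
    x_first, y_first = tally(votes)
    if x_first > y_first:
        return "x"
    if y_first > x_first:
        return "y"
    return "unresolved"       # exact tie: the post does not define this case (assumption)


# Constructed sample: x created at T0, y seven hours later (gap >= 6 h, so votes decide).
T0 = 1_590_000_000
NARROW = [OrderVote("a", 55, T0 + 10, T0 + 7 * HOUR + 5),             # saw X first
          OrderVote("b", 45, T0 + 7 * HOUR + 20, T0 + 7 * HOUR + 1)]  # saw Y first
LOPSIDED = [OrderVote("a", 99, T0 + 10, T0 + 7 * HOUR + 5),
            OrderVote("b", 1, T0 + 7 * HOUR + 20, T0 + 7 * HOUR + 1)]

if __name__ == "__main__":
    # Only the direction of agreement matters, not its margin: both samples pick x.
    print(resolve_double_spend(T0, T0 + 7 * HOUR, NARROW), tally(NARROW))
    print(resolve_double_spend(T0, T0 + 7 * HOUR, LOPSIDED), tally(LOPSIDED))
    print(resolve_double_spend(T0, T0 + 5 * HOUR, NARROW))  # gap < 6 h -> seize
```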

