[Cryptography] Proposal for a PoS blockchain
matbit at airmail.cc
matbit at airmail.cc
Mon May 25 07:06:14 EDT 2020
Thanks for comments. I try to response all. please let me know if the
answers were convincing or not. Or if there are another questions or
unclear points. I appreciate all professional’s comments, hints, tips or
> I find unlikely everyone would evaluate daily the work done by every
- It is only a mental barrier. If I know some professionals going to
judge my stuff, I won’t close myself, instead I learn and improve
- not necessarily ALL HAVE TO VOTE or ALL WILL VOTE, only 51%
confirmation will be enough for approving a proposal.
- not necessarily ALL WILL vote, since voting is not free (like every
activities in this network). The voter must pay a little ballot fee.
- after all, over time we can improve polling system to some more
efficient alternative systems. For example we can implement a liquid
democracy model in which Voters can either vote directly or delegate
their vote to other professionals or we can use some quadratic voting
where individuals allocate votes to express the degree of their
preferences, rather than just the direction of their preferences.
> There is a perverse incentive for shareholders to undervalue the work
> by other people (up to zero).
Let imagine the network consist of me myself only as initiative
shareholder. Obviously I get all new money, but what is the point? If I
do not find somebody whom accepts my money in exchange of her/his goods
or services, the money worth nothing forever. Because of human nature,
we prefer to keep more coins for ourselves. If it is not possible so we
will divide coins between as less as possible people, and if this is not
possible too, we will divide it between our clan.
But none of these 3 approaches will help our network -particularly our
money’s value-, because “The money’s value come from the exception of
future purchasing power.”. people accept the coin in exchange of their
good or services, because they believe in tomorrow can pay that money
and buy another goods or services.
Therefore the network has to be expanded and embraces new members to
raise up the money usability and applicability in order to advance
market range. Bigger community means less daily coins for each, But also
means more usability and applicability for the community’s money.
Hence community has to be grown and every decisions made by polling, the
community has to add more and more honest person and not corrupted one.
Otherwise community die in early steps and their money will never be a
valuable asset. Implicitly there will be no reason for developer to
participate in development any more.
> If the good shareholders can remove corrupt shareholders, so could
> corrupt shareholders remove honest ones. > In fact, they would probably
> be more motivated for doing so.
It is possible for both groups, but we should consider the motives of
establish a network. If I start a community, my motives are all about
“common good”, and I strongly stand for it. In sequence who join the
network and I approve her/him participation, will have same intentions
or at least covers large part of my intentions. So over time the
community which formed around certain principals, contains the members
that have almost same mindset. BTW “this network” and its “rules” and
“value of its money” all are governed by majority of community via
polling for every single decision. If majority are good, the entire
community and its money will be good, otherwise community and its money
will collapse -let alone the fact that this kind of corrupted community
can not be formed in first place-.
After all, the software is and will be free(libre) and open source. In
worst case, if the 51 percent bad people can dominant the network, the
49% good member of community can fork new coin and resume the network
and history, and chain info and every single details of network in new
graph. They only dismiss the shares of 51 % corrupted and everything
will be fine. Note that, the good community do not need to dismiss money
of bad actors. They just need to reform the community.
> You cannot "immediately record the transactions in the blockgraph",
> since there is no one single blockgraph.
> Remember you are working with several lines that are then merged.
> That's why you have that settlement time of 12 hours (it could be any
> other amount as well, like 5 minutes).
> That's an upper limit on which you expect any issue would be solved.
> It's not clear how you would solve conflicts, either. Remember, it is
It is very complex to explain it by I’ll try to do my best, hopefully I
will create an animation to explain it well, but for now:
Indeed we record the block and its transactions immediately on
graph(DAG), and it will not reversible at all, but recording a block in
graph doesn’t mean all of its transactions are valid. So after 12 hours
a transaction will be matured and its outputs will be spendable. But if
after 12 hours we find there are two or more transactions which are
using same inputs but spending it for different addresses, it is a
double-spend attack and we have to resolve it. Either we determine the
first spend as a valid one and reject the rests, or we detect ALL
transactions as invalid and seize the inputs in favor of network
treasury to penalize the attacker. So lets delve into how we determine
Most likely after 12 hours, all leave blocks in last 12 hours are merged
at least one time and now we can see entire blocks in history of all
current leaves by moving back in leave ancestors.
For simplicity we assume two transaction x, y that are using same input
and spending in different outputs. Transaction x take placed in block X
and transaction y take placed in block Y. The problem is either blocks X
or Y can claim they are created before the other one(since the nodes
creates these blocks and attacker can run million cheater nodes). So we
have XcreationTime and YcreationTime. Since we have a network and
inevitably we will face propagate delay as well. So, for each node there
will be XreceiveTime and YreceiveTime, which can/will be different for
each node. Each node has to decide the order of receiving blocks and
broadcast it to all neighbors. The nodes have 12 hours to this
“informative phase”. Of course the node do not this “informative
activity” for all blocks(avoid overwhelming network). They will start it
immediately after founding double-spend occurrence and only for that
particular blocks. So after 12 hours every nodes have votes of every
other nodes about the receive order of blocks X & Y. Each node has a
certain amount of network shares and a vote about order. These
information is already distributed in entire network and now each node
can decide about which transaction is valid and which not. The result
for entire nodes will be same. Each node uses the (vote * voterShares)
to evaluate the blocks order. Note that, for each node the order is
important and the node do not consider to the percentage of this
agreement. So a node can figure out the X is before Y by 10 percent
agreement and the other node reasons for same result X is before Y but
with 99 percent agreement. Both are ok and X is valid transaction. In
this formula each node uses only XreceiveTime and YreceiveTime as the
unique fact that a node can trust independently.
There are some way to cheating, but for the sake of brevity I stop these
conflict-resolution-process explanation and hopefully later in that
animation I’ll explain all possible attack scenarios and the solutions
as well. But as a last important part of puzzle I would like to note
about two important timestamps that limits attackers ability. The
XcreationTime & YcreationTime are the parameters that the attacker can
set freely. The only control the nodes doing is “if the date is not in
future”. But after 12 hours, in “import matured transactions” if there
is double-spending and the gap between XcreationTime & YcreationTime is
less that 6 hours, definitely both transactions will determined as
> You mention a daily merge. Who handles that? Isn't that making the
> system centralized?
When a node wants to create a new block, it has to put the hash all
current leave blocks in header of new block. So the node will includes
all leave blocks it knows and they are already existed in its local
machine DAG. It is a merge, and each node do it several times in day,
and all nodes doing it as well. Then the node broadcasts new block to
network. The neighbors will receive this new block and validate it and
add it to their local DAG as a new leave block. There is no obligation
for a node to include all leave blocks or not rejecting some particular
leave blocks when node wants to create new block. If a node do not link
to a block, probably another node will link to that block and broadcast
the new leave block. So at a certain time there will be different nodes
with different leaves and definitely in that certain time we can
consensus on DAG members older than 12 hours. Most probably the older
than 12 hours block for all “synchronized” nodes are same blocks, same
ancestors and same descendants. There will be a catastrophic situation
in which a group of nodes do not accept the block of certain group of
computers or the group of computers for any reason do not accept
transactions of certain accounts. In these cases we will face fork, and
like other blockchains it must be resolved or will cause two or two
hundred forks. It looks like a tragedy, but for me it is ok as well,
since my proposed network is formed around the mindset of its
population. That is, the network has some “principals and rules” that
they are coded in software. The participants of network primarily
accepted the rules, otherwise they never would join to network. The
“network”, the “network’s rules” and the “network’s money” are
essentially “social contract”. If there is conflict in any of these
issues, either we can solve it or a part of community will leave it and
create a new community with new money, pretty much like a democracy, but
with “no cost”. Nothing is bad. I guarantee we will never face this kind
of problems in our network, due to the nature of this network and its
“community based” money.
> Rather than waiting for 12 hours, you probably want instead to make it
> work with confirmations from 51% of the shareholders.
> That could be almost immediate or take several days (worst-case, more
> than 50% shareholders no longer have active nodes, bringing the
> currency to a halt).
As I explained before, to resolve the conflict it is just enough to
after 12 hours determine the order of blocks by each node. So there is
no need for wait for 51% percent, but definitely there is a threshold
for minimum confirmation. If the network can not provide even this
minimum threshold it is not safe at all.
But there is a threat for network in which the shareholder do not run
nodes. That is, we have two different entity in network, the share
holders which earned shares by participating in software development (or
another kind of develop e.g. design, test, translate, tutorials,
contents…) and we have the backers that dedicate their machine to
network and run full-nodes and maintain the blockgraph, validate
transactions and so on. Since we have not PoW and there is no mining,
the only incentive backers is transactions fees. In early days the
shareholders and backers are same person, but over time the backers will
be a group of people that they have small portion of network’s share or
they have no shares at all. It could be a thread in case of conflict
resolving. We can implement a kind of delegate sub-system in which the
share holders rent their shares to backers and give them delegation to
judge “ONLY in double-spend-resolving” and no more grants. BTW it is an
open issue to consider in future.
> No, scarcity doesn't give value to the coin.
The scarcity by itself doesn't give value to the coin. The scarcity is
a feature of a “good money”. I state the features of a “good money”
here, and I believe in money of our network will be a good money.
Generally, the good money must have intrinsic value, Something like
"labor theory of value" but do not stick that too much. The good money
must appreciates its value over time. That is, doesn't lose its
purchasing power even after decades. It must be regulated and do not
fluctuating too much. It must be scarce and has utility value, meanwhile
it must has optimal granularity. The good money must support “financial
sovereignty” and must not be seizeable, also must be cheaply
transferable. The good money definitely must have 3 classical factor of
money. Unit of account, Medium of exchange, Store of value.
If you issue a good money, definitely people will buy “good money” in
exchange the bad, cheap, paper fiat money.
> You would be unlikely to get a pizza that way.
It already happen one time for Bitcoin and definitely will happened for
this money as well, maybe in 2 years or 3 years. Eventually the first
day, first person accept this money for a good or service the money will
have a value, say 1 million equal to one dollar. It will its “price” and
over time it can increase or decrease.
> You would need to get value through the software being produced.
Absolutely true. “The software” and “its network” and “people who formed
this network” in whole, they are creating value, in various ways. The
primarily value they are creating is the software itself, although the
software is free and no one pay for it, but people use the software to
transfer money and pay transaction’s fee that goes to network maintainer
pocket as a kind of income. The second goal for community’s developers
is adding more and more useful features to software, in order to
eliminate all Bitcoin shortcomings and make the money more popular and
user friendly. Every small improvement increases the value of total
ecosystem. There are immense features and functionalities we can create
on top of this software and its network.
> For instance, if it's used to manage a restaurant could fund its
> development by committing to sell X pizzas per newCoin.
This kind of tokens, or coupons already are implemented and without
blockchain or even internet site they are working perfectly. What I
proposed is way beyond that.
> Alternatively, its value could come from being fashionable to own
> newcoins (such as a celebrity praising it).
This is not my intention of using Blockchain technology. My proposed
money has “intrinsic value” and it is absolutely important to set “real
value” for a “real work” to solve a “real problem” of “real world”. Of
course we can implement this kind of tokens (like Ethereum ERC721) on
top of our network in order to implement a tokenized economy for shared
assets management, and it is one of million possibility of our future
development of the software.
> I see no future for a cryptocoin.
Unfortunately, such a great innovation like blockchain is misunderstood
so far. I strongly believe the blockchain can be used by the people to
enhance democracy in order to achieve human prosperity. But in current
situation, no one practically used it for this mean. Cryptocurrency is a
form of “social agreement” that we can use it as “means of democracy”.
Our software will prepare the necessary infrastructure of that, not just
a new cryptocurrency.
> * The new coins will become actual shares in the company once the
> product launches.
I think it is better to have two different concept. That is, we have the
shares, that anybody can acquire by participating in activities and
accomplish a “real task”. Also we have the coins, that everybody acquire
because of her/his shares. Participants can spend their coins without
obligation to miss their shares. Although they can sell their shares
too. Each contributor receives money from the treasury for 7 years in
proportion to their shares. It is a good incentive for participants to
continue “good act” and not “cheating” or “exit scam”.
> it might work for a software startup, where:
> * You have multiple people working daily to make a product
> * As part of that work they periodically (perhaps daily or weekly)
> review each others work and evaluate needed tasks, assigning its worth.
> This could easily fit into scrum ceremonies, for instance.
That’s true, albeit the “software” and “its ecosystem” and “business
model” are not same as a classic startup, but we can use some mechanisms
that typically are used in startup running (e.g distributed team
members, agile/scrum methodology, fast moving, regular releases, and so
I have dedicated myself 24*7 to this project, although it will not
necessary for other participators. You all are welcome to join to the
project, even if one hour per week. we start with software developing
but definitely do not stop over there. These are some skills we will
need soon: the programmers, translators, content providers, editors,
designers, tutorial staff, multimedia providers and so on. Let me know
if you are interested in participating.
More information about the cryptography