[Cryptography] Re: Re: A new, more efficient consensus protocol

Vincent Strom vincent.strom at protonmail.com
Sat Jan 16 12:03:45 EST 2021


> So, their solution somehow has to have a functionality like "issue X amount of coins, transfer to address Y, whenever I want". And when that happens, even though you can see it on the chain, you won't know what is happening to it. You can only question its status up to a point, where they will be making up legally valid excuses because they have the power. And then, there is no difference between using a centralized digital asset or a decentralized one.

Yes, I agree that in the initial phase, the solution would entail the CB issuing currency backed by cash. If A deposits cash X, she would get the corresponding amount issued on the blockchain. There is room for foul play here. Perhaps the CB can try to make this process as transparent as possible by involving a third party, etc.

But if you imagine a scenario in which all the cash in circulation is replaced by the blockchain money, then central bank operations can be automated through a smart contract. The simplest such contract would borrow and lend with some adjustable interest rate. To a first approximation, I am thinking that controlling the interest rate is the only thing the CB can do and nothing else.

> Here again, I doubt a central bank would let citizens be in charge of an asset. Moreover, why would people be running mining nodes? Why would the CB pay them? Currently central banks don't pay any money to any individual directly.

As I point out in the paper, the block-makers really need no extraneous incentive due to low cost. Transaction fees would be more than enough. However, the central bank could pay the block-makers nominal "salaries" through block rewards, for securing the network. This would provide even more incentive.

> Assume that I have developed an ASIC that can do 1MH/s and on average a person's device can do 10H/s (imaginary numbers). Now if I start spamming the network with a million transactions per second, my ASIC device can calculate 1 million hashes. On the other hand, because an average person does 10H/s, they won't be able to calculate all the hashes in required time, and will fall behind, and perhaps won't be able to find a winning ticket in time. And because I have an ASIC and I can calculate all the hashes, I will be the only one that is finding valid tickets in given time, and registering blocks.

If there is even a single altruist node then it can filter out the lotteries. But I think there is potentially a problem even in this case.

Powerful nodes (say with infinite hashrate) don't even have to flood the network with transactions. They could simply look through their huge set of UTXOs to find their winning ticket. The UTXO set needs to be very big, because one needs to look through 200 million transactions, assuming 1 million users, to have a good chance of getting a single winning ticket (the seed only depends on the inputs and not outputs or amount). This strategy is not sustainable (because one burns through 200 million UTXOs to produce, say, ~10K UTXOs in the new block) for a single user, but if about 10 thousand users collude, this becomes viable.

There is a simple way to prevent this. One adds a criterion that the transaction needs to come from an active user to be considered a lottery and that the active users cannot accumulate more than, say, 100 UTXOs. This prohibits the above brute-force tactic. Flooding the mempool by passive nodes is a risk because, if someone does maintain a mempool for lottery tickets, these transactions with fees will be registered in a block resulting in loss of tx fees for no gain.

Regards,
Vincent