fluffypony_censorship.md

monero-project/research-lab#12 wrote:

I believe it's time to seriously review the proof of work algorithm used in Monero in light of the very serious consequences we have all witness with mining centralization in the Bitcoin community.

Some urgency might not be a bad idea, as the window in which we can make such broad and sweeping changes is narrowing.

Shouldn’t you mention my recent revelations as one of the potential the prior art sources of this new found urgency? I mean upstanding open source and all right.

https://www.reddit.com/r/Monero/comments/6r2xsm/is_moneros_anonymity_broken/dl75h7s/?context=3
^^ see the bottom of the yellow highlighted post for mention about blocks+PoW being the problem

Is Monero’s (or All) Anonymity Broken?
^^ summaries here and here

Are DECENTRALIZED, Scalable Blockchains Impossible?
^^ currently not complete, still being written to be more widely published within days

Shocking Crisis Coming to Cryptocurrency (in Sept?)

You’ll probably need my assistance given I’ve been researching, discussing about, and brainstorming the solution to this issue for the past years.

---

This might be a bit too radical/off topic but I think one issue that might be important to consider in PoW is the competitive exclusion principle: http://en.wikipedia.org/wiki/Competitive_exclusion_principle

I don’t believe this will help because ultimately every possible algorithm you can think of can be made at least an order-of-magnitude or two more efficient on custom hardware (per agreement I had with @tromp on this conclusion). And all 14nm/16nm ASICs are only manufactured in two fabs in the world. Mining is inherently a centralization paradigm in many ways. How could we know if some secret mining hardware (or even just very large economies-of-scale making the lowest-cost miner) is not already mining Monero? Why would they tell us if their motivation is to sustain a honeypot?

Even if you force the miner to have a copy of the entire blockchain, and even make disk or memory accesses a significant component of the computation, it can still be made more efficient with customized hardware. And economies-of-scale will I think always win the efficiency race.

We've investigated this before, mostly around Cuckoo Cycle, and at some point it fell by the wayside.

I intensely investigated different memory hard proof-of-work algorithms (some were my own) and even deeply analyzed @tromp’s Cuckoo Cycle. My conclusion is wider in scope: that proof-of-work is an evolutionary cul-de-sac (just “another failed mutation”).

The issue at the highest-level of abstract (i.e. generative essence) conceptualization is that, “impossible to have a fungible token on a blockchain in which the consensus doesn't become centralized iff the presumption is that the users of the system gain the most value from the system due to its monetary function”.

---

Do you think "tangle" type configuration (like IOTA) can be suitable and robust enough to fulfill the main function of Money- to be a storage of value that can be deferred through space/time?

They never showed how it converges without centralized servers enforcing that all transacting participants only run the same Monte Carlo strategy. Apparently given significant defection it will not converge on a single longest-chain, i.e. afaics it doesn’t converge decentralized. It also depends on proof-of-work (PoW).

The alternative for a DAG which does converge and doesn’t rely on PoW is Byteball’s Stability Point algorithm, but this has the downsides that I discussed with its creator @tonych last year. It has a peculiarity that afair transaction fees don’t scale with increasing exchange price of the token. More generally, essentially this is a closed set of delegates which decide the longest-chain, thus has the same weakness of TenderMint (and Vitalik’s Casper) in that if more than 33% or 50% (or what ever is the liveness ratio) stop responding then the longest-chain doesn't advance and requires a hard fork to unstuck, i.e. it is deterministic finality of confirmation not probabilistic as is the case for PoW.

^{(Note: this comment never appeared on Monero’s Github because @fluffypony banned me. I’m writing it now for the first time)}

I know your thoughts on Monero as far as the tech, but any thoughts on where the market's taking it? I've been holding a significant amount since $2, so I've had a very nice appreciation. I am wondering if it's maybe topped out for now and with your analysis, I am thinking it's best to just move out of it completely or at least 50%. I like LTC for it's stability and as a bit of a hedge on BTC. What do you think on BCC? I don't really like it and I know your thoughts on the likely eventuality and I already have my majority holding in BTC, so would it possibly be a good thing to hold as a hedge as well, or stick with LTC? Thanks!

I’m going to share this with others in our private chat here (and probably also on my Gist) and get their feedback also.

Congrats on hodling XMR since $2. The chart looks to me like it might rocket back up to another spike yet, but overall I think the chart looks very precarious and eventually probably going to decline. It appears to be repeating a pattern from 2014-5 where it spiked up (because of @rpietila!) and then came back down lower than the lowest of the dips on the spike up. This current spike appears to be driven by the RingCT upgrade (adding value hiding) and the lying propaganda that Monero’s adaptive block size is some advantage w.r.t. to Bitcoin’s Scalepocalypse (which in my upcoming blog I have clearly explained it isn’t).

Thus to me it appears to be two spikes driven by overzealous lies (that the proponents really believed and are still maybe in delusion about!) and propaganda.

So yeah, at $50 I would be taking some profits on XMR and thinking about where to shift the funds. I would probably take 25 - 33% profits now or anytime it is above $50. And then on any spike, I would be at least 50% out of it, and probably more in the realm of 80% out. I would not sell all, but keep a stoploss perhaps around $35 - $40 to sell all if drops that low (as I’m thinking in that case it is headed perhaps down to 0.005 - 0.0013 BTC, so the stoploss decision also depends on the BTC price).

LTC is perhaps only stable in the sense that if you buy it at 0.01x then you can’t likely lose too much and the upside is in the realm of 0.03 - 0.05. Above 0.02 I expect high volatility.

I’m holding all my BCC/BCH from the fork off aiming for $1000 - $1500 to take profits. I’m probably not interested to buy more unless if it drops to $150 - $200, i.e. less than 0.005 BTC then I probably can’t resist to buy more as it seems like a nobrainer (but still I would not go too excessively overweight because the BTC forking outcome is likely to be very chaotic and I don’t want to get trapped in something that dies).

I haven’t studied Byteball’s chart (remember I was telling everyone to buy it when it was $1m marketcap), but really that is the only DAG thing that isn’t total nonsense, so it might get some inflows with the Scalepocalypse worsening perhaps in September and Byteball’s second phase of their onboarding plan kicking in about now (giving discounts to merchants and I don’t expect it to work very well but it is probably good for the hype value near-term).

Personally as BTC hits $4000 - $5100, I’m taking some profits into US dollars and waiting for a crash in crypto due to BTC+SegWit potentially being stolen back to TRB perhaps by Sept/Oct/Nov.. It is difficult though to predict when TSHTF. I need some US dollars any way for my ongoing expenses. I don’t have a lot of BTC to speculate with anyway.

Further on the topic of Monero’s future…

Afaics, Monero has always had the problem that it really doesn’t address any real market or effectively solve any problem that people have. I think that is the reason for the spikes in price because people suddenly think Monero has become relevant with RingCT, Kovri/I2P integration, adaptive block size, and “egalitarian PoW”, but now via my lucid writings coming to realize it was all a mirage. So then back to the drawing board for Monero to try to figure out some relevancy in the cryptospace for their stillborn cryptocurrency.

@mbarkhau wrote:

I think Bram Cohen has an idea he calls "Proof of Space" which is worth pursuing.

Proof-of-Space is a researched concept already.

@catcow wrote:

Proof-of-Capacity satisfies these requirements, as storage space will always be readily available and cannot be optimized dramatically by specially designed hardware, and storage itself uses no electricity.

Huh? Reading and/or writing from a hard disk or SSD does indeed consume electricity. Idle storage that isn’t accessed doesn’t offer any PoW function.

Proof-of-storage is not going to stop customized hardware from being created which operates at orders-of-magnitude higher electrical efficiency. You’re thinking that hard disks are commodities and thus economy-of-scale can’t attain any cost advantages. But commodity disk storage is not designed for maximum electrical efficiency. Rather it is designed for maximizing performance and costs per byte.

The amortization of the hardware cost is not the major cost component of mining. Rather it is the electrical consumption cost that is, especially when a entity has a near monopoly on an orders-of-magnitude advantage. For ASICs, there are only two fabs in the world which can deliver 14nm and they have of course limited output capacity. Ditto for any customized hardware designed to maximize electrical efficiency of hard disk sized space.

@iamsmooth (this is smooth from BCT and Steemit and smooth_xmr from Reddit) wrote:

But in that very same paragraph you dismiss a lot of advantages to a more egalitarian algorithm including greater pressure on those who do achieve economies of scale to remain honest because they are less likely to achieve total dominance, and preventing access to hardware from itself becoming a source of (potentially catastrophic) centralization.

How is that you figure the lowest-cost marginal miners don’t eventually aggregate more profit and thus more hashrate share over time?

Craig Wright also debunked the microeconomics plausibility of egalitarian mining.

The access to commodity hardware doesn’t help when those with higher economies-of-scale are (probably surreptitiously) continually adding hashrate share because they are more profitable due to their higher electrical efficiency, because as I analyzed in the past, every possible PoW that could be envisioned, can be implemented orders-of-magnitude more efficient with customized hardware.

One other quibble. In addition to the consensus role you described (enumerated list), PoW also serves to distribute coins without becoming a source of concentrated wealth or power that may serve to undermine the legitimacy of the token or the ability of the broader base of users and investors to have any influence. To serve this role requires that mining remain economically competitive and lack significant barriers to entry. An oligopoly of miners who are able to exclude entrants and mine at a high sustained profit margin might work perfectly fine from the point of view of timestamping (hell, even an actual monopoly might work if, as satoshi suggested, the monopoly miner sees mining honestly as more profitable than attacking the network) but would be a massive fail for distribution.

Good to know you understand why every PoW distributed coin is surreptitiously majority held by those with the most economies-of-scale. We observe now Bitmain preparing to take control for its clients who remain anonymous. Don’t fool yourself into thinking your silly CryptoNight PoW algorithm has been a defense. Rather it is only a way of obfuscating the honeypot reality from fools who can’t read (see above). With the mining surreptitiously centralized, Monero is undoubtedly a honeypot and I challenged you guys to do the rigorous math, but so far nothing from your side but silence.

I agree on the point of at least thinking about alternatives in the event it becomes necessary to 'fire the miners'.

Implausible. You can only fork off your coin regularly into the PUBLIC CONFIDENCE stampede abyss attempting to do so, as I recently argued.

@onidlo wrote:

Quantifying Decentralization

I posted a rebuttal at Medium:

This entire blog is nonsense because:

enumerate the essential subsystems of a decentralized system,

Impossible due to Sybil attacks on all the metrics you can measure w.r.t. to who controls the consensus mechanism in PoW and PoS.

As for Ethereum, it is obviously not decentralized because one man (King Vitalik) had the power to hard fork it. What is all this nonsense about measuring clients. In PoW, the nodes have no economic relevance whatsoever. Hashrate and stake distribution determines the control and both of those can be Sybil attacked.

@DanielPlante wrote:

There is a PoW + PoResource (ie, DRAM) that can't be spoofed.

The explanation is here: https://twitter.com/Daniel_Plante/status/846930293164457984

Once again you simpletons have not thought this out. Commodity DRAM is designed to balance power consumption with latency and random-access speed to optimize a general purpose computing pattern.

Any algorithm you can think of it is going to be orders-of-magnitude more electrically efficiently implemented by using custom hardware suited to optimize the pattern of access you are advocating.

Even if you dream up a randomizing access pattern similar to Monero’s existing CryptoNight, there are still ways to optimize trading storage for computation. I did this deep analysis already.

General purpose computing commodity hardware can never be as efficient as customized hardware for a specific algorithm.

Fuhgeddaboudit!