67 comments

[ 0.30 ms ] story [ 143 ms ] thread
PoW coins outside Bitcoin will never work. This will continue to happen over & over again to every smaller PoW chain
What issues has Ethereum run into as PoW? I've only heard about contract vulnerabilities.
PoW is leader based consensus. It’s slow and can’t handle millions of simultaneous payments. Why do new distributed ledger technologies still prefer to use it, when there are other, far faster consensus algorithms out there?
Probably because they're not trying to actually solve a problem. They're just on the hype train.

More seriously, if the name of the game is efficiency then a distributed ledger isn't the answer.

> More seriously, if the name of the game is efficiency then a distributed ledger isn't the answer.

And if you're only looking for immutability, then time-stamping is already good enough (and available since the late 90s or so). I suppose you can use a Merkle tree and then proceed to put "Blockchain" in your marketing materials without technically lying.

BCH at 32 MB blocks can handle 108 Tx/s. It would only need to grow to 6 GB blocks to handle the 20k Tx/s that VISA claims they can handle. It would only need to grow to 600 MB blocks to handle the 2k Tx/s that VISA handles on average.

600MB every 10 minutes is no sweat for even modest internet connections nowadays.

With technology like weak blocks and the lighting network and other side-chains the network can handle it no problem.

This is pretty offtopic, but the amount of time it takes to download the block isn't the only factor, amount of time to process & verify the block is pretty important as well as the storage costs etc.

That's all pretty moot at the moment as BCH is averaging ~50kb blocks.

This statement is against the spirit of HN. Although I agree that none of other pow coins currently have as robust code, but making an absolute statement like that is not rational.

You are saying every merge in the core code protocol is trusted by you even if that code has not even been written yet.

Well on point, PoW dint work on Bitcoin as well. The only reason it dint become a problem was that Bitcoin wasn't famous at that time. From Digital Gold by Nathaniel Popper:

Laszlo’s CPU had been winning, at most, one block of 50 Bitcoins each day, of the approximately 140 blocks that were released daily. Once Laszlo got his GPU card hooked in he began winning one or two blocks an hour, and occasionally more. On May 17 he won twenty-eight blocks; these wins gave him fourteen hundred new coins that day.

Satoshi knew someone would eventually spot this opportunity as Bitcoin became more successful and was not surprised when Laszlo e-mailed him about his project. But in responding to Laszlo, Satoshi was clearly torn. If one person was taking all the coins, there would be less of an incentive for new people to join in.

“I don’t mean to sound like a socialist,” Satoshi wrote back. “I don’t care if wealth is concentrated, but for now, we get more growth by giving that money to 100% of the people than giving it to 20%.”

As a result, Satoshi asked Laszlo to go easy with the “high powered hashing,” the term coined to refer to the process of plugging an input into a hash function and seeing what it spit out.

But Satoshi also recognized that having more computing power on the network made the network stronger as long as the people with the power, like Laszlo, wanted to see Bitcoin succeed.”

One can imagine the outrage it will cause if it happened today.

These kinds of shenanigans have been happening a lot on a small PoW chain called Amoveo. It’s been interesting to follow it since the founder is very honest and forthcoming about its difficulties, in contrast to most other blockchains.
This is because, in decentralized networks that obstinately refuse to grant any special authority to third parties, accurately enforcing time synchronization is no simple matter.

That depends on what you’re going for. The concept of time is actually a local phenomenon, as relativity shows. To compare whether events A and B happened first, you must first trace some path from A and B to a third party C (maybe C = A or B if you really want) and then ask C which came first.

We had to deal with this when building our DLT. See this: https://intercoin.org/technology.pdf

Relativistic effects are irrelevant at the level of precision required for running a system distributed across the surface of Earth, what you are describing is just due to a lack of properly synchronized clocks. Place an atomic clock at each node and there is no need for any C deciding the ordering of A and B. Alternatively you may also be able to use logical clocks like a Lamport clock or a vector clock to establish an ordering in a distributed system in absence of properly synchronized clocks but that depends on the use case.
No. Relativity is actually a special case if this general principle.

For a large and complex network, events A and B which are very far apart cannot be compared in any canonical way. The larger the network the less they can be compared.

However, A can come before B relative to some reference point C.

That’s enough to achieve most things. The point is that you shouldn’t have a global and continuous sense of time in distributed systems. Leslie Lamport has developed many things including vector clock over the years to address this.

Our PTN is just the latest in a long line of examples.

When you say that you have “no need” for C once you have synchronized clocks, not only are you ignoring relativity but you are also ignoring the byzantine generals problem. If Han Solo can benefit from claiming he shot first, why would I trust his clock? If you’re implementing a video game or cryptocurrency in a byzantine resilient way, how exactly would you have a continuous global sense of time? Go ahead the floor is yours.

You are mixing two things up - figuring out the time an event happened and trusting a timestamp that someone attached to an event. Within a single inertial reference frame there is a canonical way to order events, namely by the time coordinate in that reference frame which is the same everywhere. And for all practical purposes of building a distributed system on Earth, Earth is an internal reference frame. Ensuring that nobody cheats when assigning time stamps to events is an entirely different problem. As said, hand an atomic clock to everyone and you can know the order of any two events, relativity plays no role. Making sure that nobody can or will cheat will require some more effort, but again relativity plays no role.
You didn’t explain how a distributed byzantine system can synchronize a global time that’s continuous.

I am saying that you won’t be able to — local time is continuous and you should use that for comparisons.

It’s nowhere near as straightforward as you think to make global time work. You will find that “making sure nobody can or will cheat” will require exactly the kind of effort that will make the concept of a global timestamp meaningless. Also, why do you need a global timestamp in the first place? Upon further reflection you will probably realize that all your concepts of time actually require exactly what I said: two paths to the same local reference point, where a comparison is made.

Your ideas about global time are an illusion based on simplifying assumptions that are not true.

I only object your claim that relativity - as in special or general theory of relativity - has any bearing on the design of distributed systems on Earth. In particular, you can order events occurring at different places if you have properly synchronized clocks. The fact that a common solution is to use logical clocks like Lamport clocks is because it is easier to do so than to maintain a network of precisely synchronized clocks. But that does not mean it can not be done with synchronized clocks, see for example Google's Spanner [1] database.

I never addressed what else is necessary to make this work in the presence of Byzantine faults. But I am also pretty sure that just sending information about events from A and B to C and asking C about the ordering is not sufficient, after all C may be faulty and give a wrong answer, change its mind after every query, or just not respond at all. Admittedly you did not provide many details, so I may very well totally misunderstand what you had in mind.

But, just to repeat, I am not really addressing the requirements of a Byzantine fault tolerant system, I am just saying that the special or general theory of relativity is not relevant for distributed systems on Earth.

[1] https://en.wikipedia.org/wiki/Spanner_(database)

I think you misunderstood my point.

I said that relativity is a special case of this principle that time is a local phenomenon.

Which is not really true, time is frame depended, not location depended. Just take the twin paradox, when they start and later meet again, they are in the same place but different amounts of time have passed for each of them. The closest thing I can think of is that the ordering of two events is not ambiguous if they are timelike separated while for spacelike separated events you can find different reference frames which disagree on the order of the events.
What you said doesn’t disprove what I said :)
Given that we have never actually defined what »time is a local phenomenon« is supposed to mean, that may or may not be true. But given that relativity puts time and space on a more equal footing than Newtonian mechanics, where you now can turn time into space and space into time, I remain pretty doubtful that something that can be summarized as »time is a local phenomenon« is likely to be interesting and correct because it seems to point in the direction of not treating time and space in a unified manner.
Listen, space is a local phenomenon too. It is just about correlations.

A lot of the nonlocal effects in De Broglie Bohm theory become classical once you consider close-by objects and neighborhoods. They are just super correlated.

Why? We don’t know. But with so many correlations, you can compare way more easily between them.

https://www.wired.com/2016/01/quantum-links-in-time-and-spac...

This still does not answer what you mean with »time is a local phenomenon«. What feature of time is local and in which sense? And I am even more skeptical about »space is a local phenomenon«, I mean »local« means »close in space« and therefore it seems you are saying something recursive, i.e. space has some property within itself which doesn't really make sense, at least to me.

So unless you can define or at least explain in more detail what you mean with »time (or space) is a local phenomenon«, we won't really get anywhere.

Are Lamport and vector clock mechanisms robust in the presence of nodes controlled by bad actors, who may be colluding through a hidden network?
No, they are just for establishing [partial] orderings of events, they are not designed to be resistent against adversarial behavior.
As you acknowledge, C is a third party, and therefore outside of the scope of the quote.
>>>In both cases, this hack presents a strong argument for tending towards sticking to things proven to work and to be wary of overcomplicating things and thereby introducing unnecessary risks when people’s financial assets are involved. Which, I suppose, means two points for team Bitcoin.

What? The same bitcoin that is betting everything on an untested and incredibly complex second-layer protocol called "lightning network" instead of just scaling with larger blocks?

It's indeed delusional to claim that Bitcoin developers have peoples' financial assets in mind when they celebrate fees of $50 and produce nothing else than "wait for second layer solutions they will magically solve everything".
fee for my last transaction was $0.30.
It sure wasn't around new years when this happened. The fees dropped because nobody wants to use it anymore, this notably includes Steam and Stripe.
> instead of just scaling with larger blocks

Blocks will need to be ~5TB to match Visa transaction volume. Some lightning network advocates are concerned about the effect that a size increase necessary to support even a fraction of this volume would have on mining centralization.

Other concerns are listed here https://en.bitcoin.it/wiki/Block_size_limit_controversy and here https://en.bitcoin.it/wiki/Scalability_FAQ#General_Block_Siz...

And they use that as an argument against any increase which is completely insane.
> Blocks will need to be ~5TB to match Visa transaction volume.

No, it's on the order of 3 gigabytes. Visa claims they can handle up to 25k Tx/s.

226 B / Tx. 600 sec (10 min) per block.

(25000 Tx / s)(226 B / Tx)(600 s / block) = 3.39 • 10^9 B / block

Visa normally handled around 2k Tx/s, which would only require a few hundred megabytes per block.

"Reality, however, often has a way of stubbornly refusing to conform to the axioms of free market economics."

Great article.

(comment deleted)
"Exactly how the largest protocol-level hack of a cryptocurrency in recent memory could preceed said cryptocurrency increasing in price and then announcing a partnership with the most trafficked porn-site on the internet is a question I’m forced to leave open-ended; my personal pet-theory is that it has something to do with the fact that the world makes no sense and human beings are all completely out of their goddamn minds."
Please don't quote portions of the article with no added commentary or insight.

We're all capable of reading and recognizing well-written portions of the posted content.

This was a particularly interesting bit though and I was hoping some people might explain/comment more about it.

It seems that getting your crypto-currency hacked gives publicity and boosts value! See also: the Experian hack.

Clearly any plans with pornhub.com would have been made prehack. As to the value of the cryptocommodity (I refuse to call them currencies)... it’s like the author said.
Please do, I personally often read the comment section only, and something tells me I am not alone in this...
One can always invent blockchain buzzwords like "Dark Gravity Wave" but even copying code requires understanding of algorithms.
I snorted when I first heard the term. An old co-worker used to call 'universal differential', for weeks. Yeah that was IF statement.
This hack results from a basic design error: for difficulty adjustment to work properly, the window of recent blocks it considers must be relatively immune to time stamp manipulation. In other words, the allowed timestamp drift must be much smaller than the adjustment time window. Bitcoin allows a 2 hour drift, but has an adjustment window of 2 weeks.

In verge's case, both are identical, at 2 hours. This is an open invitation to difficulty adjustment abuse.

> In verge's case, both are identical, at 2 hours.

Naive question - is verge adjustment window defined in block time (as opposed to "human" time)? because

> Bitcoin allows a 2 hour drift, but has an adjustment window of 2 weeks.

The adjustment window is technically 2016 blocks, which is about two weeks in human time, but can in theory vary greatly if mining capacity fluctuates.

I went looking through the source code and found that the adjustment window is indeed defined in block time as PastBlocksMax = 12 while nProofOfWorkTargetSpacing = 150 (half a minute for each of 5 different pow algorithms), giving an expected adjustment window of 12 * 150 = 1800 seconds.

Apparently, the adjustment window, which needs to be way longer than the allowed timestamp drift, is in fact way shorter...

At that point, I got a bit scared, too.

This feels way too much against the rule of thumb that code consuming untrusted input should never be able to modify or control it's own configuration or binaries (or, more generally, trusted input). In this case, the attacker can hijack 50% - 100% of the configuration of the weighting algorithm. For bitcoin, you can control around 4% at most without risking immediate attention. Unless mining speed increases by a factor of 40 or 50 suddenly.

Is it possible to add (Cryptocurrency) after ‘The Verge’ in the title please? I thought it referred to the news outlet.
(comment deleted)
I was not aware that The Verge was still moving forward after Joshua Topolsky left, and their show "On The Verge" was cancelled.
Not sure who said it first, but cryptocurrency truly is the Internet-wide bug bounty.
What does that mean? How is it different than Google being an Internet-wide bug bounty?
it means, you wont get magical internet money when you hack google
(comment deleted)
The gate metaphors in the article are so messed up they distracted me from the actual story.

  >> Gates Only Work When They’re Raised
Well normally gates swing open and shut, maybe you mean some kind of portcullis, like in a castle? You have to raise those to open them.

  >>  a gate that’s far too strong to break 
  >>  through and too high to climb over — 
  >> this hack gets past it by finding a way 
  >> to lower it so close to the ground that 
  >> it can be stepped over
So now gates rise out of the ground? I don't think the author has seen an actual gate.
Lol I'm with you on this, I struggled too
I'm very curious about the price increase.

The only thing that comes to mind how something like that would be possible is if the news trends generated by this were somehow driving algorithmic trading .. either that or people investing in something they're just hearing of for the first time.. But even these possibilities don't seem rational.

It just doesn't seem to make much sense... unless the whole thing was being driven and pushed by some larger unknown actor with a lot of resources .. (state government, goldman sachs, etc.)

But what lunatic reads of the hack - then invests!?
I'm guessing an algorithmic one, which invests based on "buzz" and/or price trends leading to positive feedback cycles.
This hack underscores the need for formal modeling systems like TLA+ or Coq. Essentially, you define successor state axioms, where:

1. start with a seed state.

2. non-deterministically choose the next step (e.g. submit a tx)

3. ask the system to prove the inverse of an invariant you want to check (e.g. hash power cannot fall below X% of total network power.)

Decentralized protocols have bugs; trust only what you can prove.

So basically this time warp hack is allowing eval() on the chain history... What could go wrong?
> Indeed, major cryptocurrencies like Bitcoin and Ethereum have maintained their security quite well — better, arguably, than any other digital asset/payment system in history

Am I missing something? And here I thought having to hard fork your currency goes in the “not very secure” bin.

Can someone who touts the “but it’s decentralized!!” aspects of these systems- please to explain to me how an algorithm that adjusts mining difficulty is not a centralized and possibly destructive feature in control of a handful of people?