which means it does not work against sybil attacks. This is a hard problem, and it's sort of disappointing that it's not mentioned in the techxplore.com article you posted. Bitcoin solves this problem, but this paper does not.
Too bad... I was so happy to believe there was some progress.
So, why is it a problem here and not for bitcoin?
Is it because in bitcoin to own a node is costly, and not here? (it seems like the new system runs on normal signatures, thus quite cheap)
In this system, a node would poll a bunch of other nodes to find out whether a transaction occurred or not. If a sybil attacker created 10,000 nodes to link up to the network, who all said the transaction didn't occur, and overwhelmed a victim node, then it could fool that node. So imagine an exchange that was trying to find out if a transaction occurred or not, and a sybil attacker wanted to prevent the exchange from finding out. The sybil attacker might own a bot network with millions of nodes, so that it held 99% of the exchange's connections to the outside world. Any polling of other nodes would always show false, because the sybil attacker drowned out the honest nodes.
In Bitcoin, running a node is not costly. The miner, however, has to solve the next hash in order to write a block. This, as most people know, takes a huge amount of processing power to have a reasonable chance of doing so. The block produced then contains this information, ie proof the hash was solved.
So, again if a sybil attacker held 99.9% of nodes and the exchange node held only one other connection to a node was honest, if that honest node transmitted the block, the exchange's node would see the block had a huge amount of processing power spent on it, and hence must be valid, even if all the sybil attackers nodes said it didn't exist.
But then, if the nodes are backed by things "costly to create", or better "that everybody owns at most once" that seems fine.
For example it could be backed by some verified social network accounts, or even mobile phone numbers, and if they are in the form of hashes even the anonymity would be preserved.
PS: I understood well from your explanation that for Bitcoin the "cost of nodes" is irrelevant, but even so I think it could help for the new protocol proposed here.
PPS: the real cost of a Bitcoin node could also be considered the cost to operate it, that is to write a block, and that in turn is costly, which presents the problem and its solution in an elegant unified way.
> But then, it the nodes are backed by things "costly to create", or better "that everybody owns at most once" that seems fine.
> For example it could be backed by some verified social network accounts, or even mobile phone numbers, and if they are in the form of hashes even the anonymity would be preserved.
If you using some central authority to say who is a valid node and who isn't, which you would need for mobile phone numbers, then why bother with trying to decentralize at all? That same central authority can verify transaction are valid. No need for any of this peer validation stuff.
A central authority like that is possible, but I think it would be very hard to get something like that off the ground, in that the government would eventually shutdown whoever was processing mobile phone numbers. Even Facebook is having trouble getting their (centralized) Libra coin signed off by the various governments, and that is a half a trillion dollar company.
The inner-inner paper (the one referenced by the paper referenced by the paper) gets around this problem using a social network, where you have a neighbor Fred that you met in person, who has a Butcher Dave, and so on. This doesn't seem easy as well. PGP email encryption had the same sort of web of trust idea. There are even "signing" parties where a bunch of people get together to verify each others identity. But still, not many people have a PGP key, much less have it verified by the PGP web of trust: https://en.wikipedia.org/wiki/Key_signing_party
> PPS: the real cost of a Bitcoin node could also be considered the cost to operate it, that is to write a block, and that in turn is costly, which presents the problem and its solution in an elegant unified way.
Well, a node isn't necessarily a miner, and most aren't, actually. One purpose of a node that isn't a miner is to send out transactions on behalf of an individual owner of bitcoin onto the network. Also, a block explorer website would have one to query the blockchain and extract the information to be displayed on its site, and of course an exchange would need a node to perform deposits and withdrawals. Nodes don't have to write blocks, only receive and validate them, and a sybil attacker just needs to create nodes that pretend to validate, it doesn't have to care about having an accurate view of the blockchain. This is very cheap.
We could use a darknet, Freenet-like version of a social network, but how resistant would that be. I think that the same threats apply.
Then, all around us, things that make a link between our physical selves and our digital existence, are all either centralized, governmental or corporate, and they get in touch with the physical person. Or else that is done by computationally intensive tasks -- that's a different way to get a grasp on the real world.
Which other ways could be used to make a strong link with reality?... quantum internet and quantum states as personal IDs? :)
8 comments
[ 5.8 ms ] story [ 34.5 ms ] threadwhich means it does not work against sybil attacks. This is a hard problem, and it's sort of disappointing that it's not mentioned in the techxplore.com article you posted. Bitcoin solves this problem, but this paper does not.
So, why is it a problem here and not for bitcoin? Is it because in bitcoin to own a node is costly, and not here? (it seems like the new system runs on normal signatures, thus quite cheap)
In Bitcoin, running a node is not costly. The miner, however, has to solve the next hash in order to write a block. This, as most people know, takes a huge amount of processing power to have a reasonable chance of doing so. The block produced then contains this information, ie proof the hash was solved.
So, again if a sybil attacker held 99.9% of nodes and the exchange node held only one other connection to a node was honest, if that honest node transmitted the block, the exchange's node would see the block had a huge amount of processing power spent on it, and hence must be valid, even if all the sybil attackers nodes said it didn't exist.
For example it could be backed by some verified social network accounts, or even mobile phone numbers, and if they are in the form of hashes even the anonymity would be preserved.
PS: I understood well from your explanation that for Bitcoin the "cost of nodes" is irrelevant, but even so I think it could help for the new protocol proposed here.
PPS: the real cost of a Bitcoin node could also be considered the cost to operate it, that is to write a block, and that in turn is costly, which presents the problem and its solution in an elegant unified way.
If you using some central authority to say who is a valid node and who isn't, which you would need for mobile phone numbers, then why bother with trying to decentralize at all? That same central authority can verify transaction are valid. No need for any of this peer validation stuff.
A central authority like that is possible, but I think it would be very hard to get something like that off the ground, in that the government would eventually shutdown whoever was processing mobile phone numbers. Even Facebook is having trouble getting their (centralized) Libra coin signed off by the various governments, and that is a half a trillion dollar company.
The inner-inner paper (the one referenced by the paper referenced by the paper) gets around this problem using a social network, where you have a neighbor Fred that you met in person, who has a Butcher Dave, and so on. This doesn't seem easy as well. PGP email encryption had the same sort of web of trust idea. There are even "signing" parties where a bunch of people get together to verify each others identity. But still, not many people have a PGP key, much less have it verified by the PGP web of trust: https://en.wikipedia.org/wiki/Key_signing_party
> PPS: the real cost of a Bitcoin node could also be considered the cost to operate it, that is to write a block, and that in turn is costly, which presents the problem and its solution in an elegant unified way.
Well, a node isn't necessarily a miner, and most aren't, actually. One purpose of a node that isn't a miner is to send out transactions on behalf of an individual owner of bitcoin onto the network. Also, a block explorer website would have one to query the blockchain and extract the information to be displayed on its site, and of course an exchange would need a node to perform deposits and withdrawals. Nodes don't have to write blocks, only receive and validate them, and a sybil attacker just needs to create nodes that pretend to validate, it doesn't have to care about having an accurate view of the blockchain. This is very cheap.
We could use a darknet, Freenet-like version of a social network, but how resistant would that be. I think that the same threats apply.
Then, all around us, things that make a link between our physical selves and our digital existence, are all either centralized, governmental or corporate, and they get in touch with the physical person. Or else that is done by computationally intensive tasks -- that's a different way to get a grasp on the real world.
Which other ways could be used to make a strong link with reality?... quantum internet and quantum states as personal IDs? :)
https://news.ycombinator.com/item?id=21145797