Scaling, Decentralization, Security of Distributed Ledgers (part 4) — Steemit

vantuz-subhuman · 19 June 2018 00:21

I see only a lazy post, comparing Ouroboros with DFINITY. The only actual half-interesting beef he has is about the nothing at stake, but then he supports it with these two links:

1. Theymos's list of altcoins with some technical merit

The bitcointalk comment with the quote:

Ouroboros states clearly the tradeoffs required to achieve that security.
The requirement that most of the stake has to remain online at all times, informs that PoS does not function in the real world without an oligarchy.
In any power-law distribution of wealth, 50% of the money supply is held by the spenders not savers (i.e. the speculators who have no interest whatsoever in participating in stake forging).

This quote is wrong in the assumption that Ouroboros requires >50% of supply to be locked in stake. The actual requirement is that >50% of active stake is online. Which means that if only 30% of all supply is locked in the stake for the current epoch - then >50% of THAT number (>15% of supply) is ONLINE - i.e. nodes that control >15% of total supply are on average online for that epoch.

2. RE: Scaling, Decentralization, Security of Distributed Ledgers (part 3) — Steemit

Link to a steemit comment where he “explained nothing-at-stake for DFINITY” (by his own words).

In that comment he actually mentions that Ouroboros addresses the “nothing-at-stake” problem right in the whitepaper and argues that as long as the majority of the stake is honest - nothing-at-stake is not possible, because of the forkable strings analysis.

The whole argument is distilled to his bitcointalk comment where he argues about “a political-economic assumption as to the maximum percentage of the stake that will collude”. Well, that’s nice and all, but the cryptographic protocol is a mathematical model. And his argument is actually:

Proof-of-stake is entirely not viable as a widely deployed solution on the Internet

Seems a bit maximalist to me. So the whole argument is again comes down to my favourite:

COLLUDING PARTIES!!1

The only actual argument left unanswered, because every other part was already solved, and because the “political-economic” stuff, imo, is an epi-consensual by definition. Protocol solves only one specific problem by saying: “as long as the majority of the participants are honest - you get working consensus.” That’s it. Everything else is not the Ouroboros’ problem.

The “political-economic” question would actually would be much better addressed to this lovely guy:

Who’s job is exactly to solve this problem

All the rest of the stuff is basic and just non-important actually:

1. Claim that Ouroboros needs >5 hours to achieve finality

His table mentions “%100 final irreversibility” which is actually a non-trivial issue for “eventual consensus” systems. The bitcoin, for example, does not have 100% finality at all - because technically the whole chain may be overridden at any time. It’s just that the possibility of such an event is astronomically low. So:

He talks about the difference between 95% assurance that is achieved in 1 minute, 99.9% assurance that is achieved in 3 minutes and 100% assurance that is achieved in “>5 hours” by his own words. Actual official assurance level estimates may be found here: https://cardanodocs.com/cardano/transaction-assurance/
Ouroboros’ safety proof is based on “forkable strings”. When there are no “too frequent” slots missing from the chain - there’s actually 0% chance for an adversary to create a fork, since an adversary may only create a fork if he missed a slot beforehand, or otherwise he would need to perform a double-sign, which is a transparent adversarial event, so a chain might be invalidated. So while the “recent chain” density is sufficient - every block may be considered to be final. The problem, of course, is that this rule only works when the majority of nodes is constantly on-line (which is different from the majority of stake being on-line on average) and the missing blocks problem is getting much harder in Praos, but this is exactly what the Genesis solves.

UPD: Note: that the table provided by Anonymint is actually his valid response to similar, but completely BS table from Dan Larimer. Anonymint actually does a nice job discussing some non-trivial specifics of the Ouroboros and other protocols in his other posts. In this particular section I just want to demonstrate people that the discussion is about the extremely deep and specific issue of “100% finality” vs what people would usually consider “more than enough” assurance in a usual sense. In no case I try here to imply that Anonymint is wrong - he IS correct in that table and does great job with it. It’s just that people should know what this table actually means.

2. Claim that “SCRAPE is much slower and thus finality of transactions are much delayed compared to DFINITY”

The transaction finality is “delayed” in the same sense as described in the previous section.
“SCRAPE” performance is actually irrelevant, since Praos does not use it at all.

3. “As a result, the model for attaining and deciding on finality is different and significantly more complex to explain. And I really don’t find any value for readers in understanding the arcane minutiae.”

So he creates posts about protocols, but then just says: “I don’t want to explain all that stuff”?

Ok.

4. “More Proof-of-Stake Shitcoins”

I think this phrase, along with the above quote about PoS being “entirely not viable”, in my opinion, shows the actual maximalist position of the author and the degree to which he is ready to be objective.

UPD: I meant that he is pushing the “honest majority” assumption as a root problem of each and every PoS protocol ever. His fundamental point is that PoS is non-viable at the core. Please, read more details in the update below.

P.S. Ouroboros is actually a “naive proof-of-concept” that was created with the only intent to show that it is possible for PoS to produce a secure robust ledger - by definition. Everyone knows it already. and Charles himself talked about this many times. This is exactly why IOHK did not just stopped after implementing the SL and did not claim that it’s perfect as it is and should not be ever questioned. The initial plan was to implement the Ouroboros for the initial stage and then to continue the research, and this research gave us the magnificent Praos and Genesis. The Ouroboros may be naive - but it is beautiful in some details and solutions, and there’s so much interesting stuff that can be told about it. And much MUCH more so about the whole Ouroboros family of protocols.

But the author decided to ignore all of that and just go with 3 paragraphs describing well known trade-offs of the first Ouroboros and ~~unrelated~~ a complex economics question which is still under active research.

UPD: In this comment I have failed to mention that Anonymint actually one of the most nuanced authors on many technical questions and his posts are a breath of fresh air in the sea of unprofessionalism. In now way I would want to imply his incompetence - quite contrary. It’s just that:

I didn’t like this particular post of his. Which actually might be my problem, I don’t know.
We differ in his categorical position about the non-feasibility of the honest-majority requirement. I don’t like the fact that he mentions it as an argument in the post about the Ouroboros itself. I very well agree that the question of the honest-majority should be researched in-depth, it’s just that this is a separate issue from the consensus itself, imo. There’s a family of non-BFT protocols that tolerate no malicious participants, there’s a family of BFT protocols that tolerate only <1/3 or <1/4 of malicious participants, and there’s a family of BFT protocols that tolerate <1/5 of malicious participants. Ouroboros is a protocol from the latter family of “honest majority”. The very possibility of BFT protocols with >50% malicious tolerance is a separate serious research. I very well admit that I might not be on the edge of research for this topic, but I don’t think that these discussions should be mixed. That’s it.

This is why I don’t understand why would it be necessary to create a post about the Ouroboros, but then quickly dismiss the topic by saying - “anyways honest-majority is bullshit” I think a separate detailed post like “Viability of the honest majority assumption in PoS vs PoW consensus protocols” would be much more suitable and hella interesting. Ouroboros solves particular problem with particular assumptions. As soon as there’s a successful research available on over-majority tolerance PoS protocols that would not undermine the decentralisation and openness of the participation - I will be there to happily look into things and I’m sure IOHK will be there improving the Ouroboros to new better version. For now - it is an “honest majority” system.

I want to admit that Anonymint showed much more sportsmanship and decency than me in his reply to this comment. I want to admit that I was unnecessary too harsh in my comments to his post and I should have done better job describing the specific points of my disagreement. I apologise for that.

Topic		Replies	Views
Does anybody understand Ouroboros? Education	12	3833	25 October 2018
Cardano the most decentralized PoS protocol: FACT General Discussions	1	313	25 August 2021
Understanding the Security of the Protocol General Discussions	4	796	9 January 2018
Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol Research Papers research , education	0	342	20 July 2023
About PoS dependency on exchanges Misc Dev Talk	15	1218	17 January 2018