If we ever want Bitcoin to evolve from a store of value to an actual payment method we have to come up with something that does at least better than VISA's 8000tx/s and that's just not solved with going from 7tx/s to Bitcoin Cash's ~62tx/s. We have to be able to compete with every payment method out there and we should be able to handle peak throughput during sales period.
Another important factor is the 10 minutes confirmation time, nobody wants to wait for 10 minutes at the counter before they trust you walking out. We need something with instant verification and low fees and increasing the blocksize will never do that.
It exists. It is called nano: no fees and instant transactions through the block lattice. https://nano.org/en/whitepaper
I am surprised more folks on HN are not familiar with nano considering it is one of the few teams in crypto with endorsements from familiar faces: Zack Shapiro on the core team (ex-Product Hunt), Garry Tan (YC, angel investor in Coinbase), and Charlie Lee (former director of engineering @ Coinbase).
Nano / Raiblocks is a scam in the sense it is created for free, and old users need new users to dump their nano at a profit to new bag holders.
> The initial distribution of XRB was performed through "manual mining" limited via a captcha.
> The distribution rate was 17 XRB (Raiblocks) per hour per ip4.
This method was easy to automate, and easy to bypass with the plethora of VPNs and users who own hundreds of IP4/IP6 addresses. Presumably the dev team has the vast majority, millions of Rai/Nano.
If we had a token either strictly or loosely tied to real-world identity, then I too would criticize the initial distribution. I would call for an airdrop that provides an equal allocation of a new currency to every identity token. I don't believe there currently exists a good way to do a universal airdrop. The counter argument to doing a universal airdrop is that all economic systems move towards inequality of outcome, so in due time, the initial distribution is meaningless.
ICOs that promise guaranteed returns are scams. Nano is an open source project that aims to give people an alternative to government currency. https://trends.google.com/trends/explore?q=raiblocks The most interest as measured by Google search activity in the world for raiblocks/nano is in Venezuela; you'll find a similar pattern of top search results coming from countries where citizens are looking for alternative currencies -- Kosovo, Cyprus, Greece, etc -- with other useful cryptocurrencies.
disclaimer: I interviewed with the team back in January and turned down a contractor role but was impressed with their mission and roadmap.
It's funny to think of all the people getting into Bitcoin in 2018 thinking they're "getting in early" when the math behind Bitcoin granted those early users nearly the entire supply for pennies and anyone buying in recently or in the future will exchange real capital in exchange for these tokens generated for nearly 0 capital effort.
Measurably less CAPEX and OPEX for the first users to run the software "securing" the least important era of the network earned the greatest percentage of the supply?
Satoshi is even quoted as to the design of the ponzi like scheme:
> Satoshi Nakamoto
> Thu Jan 8 14:27:40 EST 2009
> I made the proof-of-work difficulty ridiculously easy to start with, so for a little while in the beginning a typical PC will be able to generate coins in just a few hours. It'll get a lot harder when competition makes the automatic adjustment drive up the difficulty.
> first 4 years: 10,500,000 coins
> next 4 years: 5,250,000 coins
> next 4 years: 2,625,000 coins
> next 4 years: 1,312,500 coins
Only for early adopters who know they'll be able to exploit late adopters. Users clearly become incentivized to market their free tokens as an opportunity at wealth, as they exit and sell them to late bag holders.
Satoshi could easily have designed the PoW to distribute more slowly, and favor long term growth as more users join the network. Instead only early adopters control the supply. The risk of this is catastrophic.
> One important point: if we actually include all 7 billion people on the earth, most of whom have zero BTC or Ethereum, the Gini coefficient is essentially 0.99+. And if we just include all balances, we include many dust balances which would again put the Gini coefficient at 0.99+. Thus, we need some kind of threshold here. The imperfect threshold we picked was the Gini coefficient among accounts with ≥185 BTC per address, and ≥2477 ETH per address. So this is the distribution of ownership among the Bitcoin and Ethereum rich with $500k as of July 2017.
> In what kind of situation would a thresholded metric like this be interesting? Perhaps in a scenario similar to the ongoing IRS Coinbase issue, where the IRS is seeking information on all holders with balances >$20,000. Conceptualized in terms of an attack, a high Gini coefficient would mean that a government would only need to round up a few large holders in order to acquire a large percentage of outstanding cryptocurrency — and with it the ability to tank the price.
> With that said, two points. First, while one would not want a Gini coefficient of exactly 1.0 for BTC or ETH (as then only one person would have all of the digital currency, and no one would have an incentive to help boost the network), in practice it appears that a very high level of wealth centralization is still compatible with the operation of a decentralized protocol. Second, as we show below, we think the Nakamoto coefficient is a better metric than the Gini coefficient for measuring holder concentration in particular as it obviates the issue of arbitrarily choosing a threshold.
> ...However, the maximum Gini coefficient has one obvious issue: while a high value tracks with our intuitive notion of a “more centralized” system, the fact that each Gini coefficient is restricted to a 0–1 scale means that it does not directly measure the number of individuals or entities required to compromise a system.
> Specifically, for a given blockchain suppose you have a subsystem of exchanges with 1000 actors with a Gini coefficient of 0.8, and another subsystem of 10 miners with a Gini coefficient of 0.7. It may turn out that compromising only 3 miners rather than 57 exchanges may be sufficient to compromise this system, which would mean the maximum Gini coefficient would have pointed to exchanges rather than miners as the decentralization bottleneck.
> Conversely, if one considers “number of distinct countries with substantial mining capacity” an essential subsystem, then the minimum Nakamoto coefficient for Bitcoin would again be 1, as the compromise of China (in the sense of a Chinese government crackdown on mining) would result in >51% of mining being compromised.
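An added illustration of the Gini versus Nakamoto comparison in the passage quoted above; it is not part of the thread or of the quoted article. The share distributions are constructed for the example (they are not measurements of any real network), and the function names are hypothetical.

```python
"""Gini vs. Nakamoto coefficient on constructed share distributions."""


def gini(shares):
    """Gini coefficient of non-negative holdings: 0 is equal, near 1 is concentrated."""
    xs = sorted(shares)
    n, total = len(xs), sum(xs)
    if n == 0 or total <= 0:
        raise ValueError("need at least one positive share")
    # Rank-weighted form: G = 2*sum(i*x_i)/(n*sum(x)) - (n+1)/n, ranks ascending.
    weighted = sum(rank * x for rank, x in enumerate(xs, start=1))
    return 2.0 * weighted / (n * total) - (n + 1) / n


def nakamoto(shares, threshold=0.51):
    """Smallest number of entities whose combined share reaches `threshold`."""
    total = sum(shares)
    if total <= 0:
        raise ValueError("need at least one positive share")
    running = 0.0
    for count, x in enumerate(sorted(shares, reverse=True), start=1):
        running += x
        if running >= threshold * total:
            return count
    return len(shares)


def bottleneck(subsystems):
    """Return (subsystem with max Gini, subsystem with min Nakamoto coefficient)."""
    by_gini = max(subsystems, key=lambda name: gini(subsystems[name]))
    by_nakamoto = min(subsystems, key=lambda name: nakamoto(subsystems[name]))
    return by_gini, by_nakamoto


# Constructed sample data (assumptions, not real measurements).
MINERS = [30, 20, 15, 10, 8, 6, 4, 3, 2, 2]          # 10 miners, % of hash rate
EXCHANGES = [1.0 / r for r in range(1, 1001)]        # 1000 exchanges, Zipf-like volume
DUST = [0.0001] * 10_000                             # many near-empty accounts
SUBSYSTEMS = {"miners": MINERS, "exchanges": EXCHANGES}


if __name__ == "__main__":
    for name, shares in SUBSYSTEMS.items():
        print(f"{name:10s} gini={gini(shares):.3f} nakamoto={nakamoto(shares)}")
    # The two metrics disagree about which subsystem is the weak point.
    print("max-Gini / min-Nakamoto bottleneck:", bottleneck(SUBSYSTEMS))
    # Dust balances push Gini toward 1 but leave the Nakamoto coefficient alone,
    # which is why the Gini figure needs an arbitrary balance threshold.
    with_dust = MINERS + DUST
    print(f"with dust  gini={gini(with_dust):.3f} nakamoto={nakamoto(with_dust)}")
```

On this data the higher Gini coefficient points at the exchanges, while the lower Nakamoto coefficient points at the miners as the subsystem that takes the fewest entities to control.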
Why do you have such a strong emotionally negative response to cryptocurrencies? It is pretty clear you are communicating disingenuously. The reasons for ending BTC support for many merchants and platforms were high fees and long tx confirmation times, which is what many altcoins have focused on addressing (e.g. Ether, Stellar, Litecoin, Nano).
Because most of the cryptocoin projects are designed as a way to scam other users.
Why doesn't Nano Raiblocks allow more users to generate new Nano/Raiblocks? Would that hurt your investment if every user had equal access to the production of the supply?
Why are you so emotionally invested in trying to sell these beanie babies to other people? Is it because you need to profit off others buying into your scam?
Still no list of businesses accepting Nano/Raiblocks?
I am excited about the technology. I had taken a light look at the space 4-5 years ago and did not form a strong impression. I didn't take a look at the technology again until last September.
One of the topics I enjoyed deep diving on the most was the lightning network. The two pain points I observed for lightning were: (1) It takes a non-trivial amount of energy to understand hashed time lock contracts well enough to be able to prove the concept to yourself. Not having as easy mastery of a topic off the bat leads to feeling less secure about one's ability to reason about security. (2) The specter of rising on-chain fees for commitment transactions to open payment channels.
With regard to Nano, I was happy to see a different approach to the same problem that was more intuitive. I run a small business and am waiting for the desktop and mobile wallets to come out of beta before I offer the ability to pay with Nano.
I'd be happy if something came along that was better than Nano. I have it on my todo list to look into Byteball Bytes. I am optimistic about larger scale benefits that society will enjoy from the cryptocurrency space if certain projects are successful (eg improved ease of financial auditing, information-sharing platforms with strongly reduced odds of astroturfing, disappearance of credit card fees, increased financial transparency, reduced exchange fees when traveling, banking for the unbanked, etc). Since I am optimistic about the societal benefits from the space as a whole, I want to see more developers interested in getting involved.
It's a weird space. I see the general concept behind cryptocurrencies as bringing the same benefits you've outlined and from a technology and software perspective these projects are fascinating.
My contention with most of these projects and users is that in these specific implementations nearly every single one of the cryptocoin projects is designed to enable oligarchical wealth extraction from downstream investors - especially in the case of uninformed users/speculators who join the network later.
The question becomes one of sustainability - if there's no underlying value to the asset and it relies on speculation and the supply is heavily centralized among a small pool of early adopters then there will likely be a point where buy pressure runs dry and most of the late adopters will be unable to exchange the same amount of wealth they traded into the system.
And Charlie Lee is a scam artist, so no surprises there.
In light of the downvotes with no response, here is some reasoning. He bought in at around $30, and the first thing he did was clone BTC with minor negligible modifications. Philosophically at that time, this shows a remarkable lack of commitment to the underlying goal. Then, during the recent boom he completely cashes out of his own project while the market cap shows nothing close to the transformative goal of the creation of Bitcoin. Ultimately what he does doesn't matter, but his actions speak louder than words. In addition, the tactics employed within Coinbase for the LTC listing and his involvement in a proof of stake coin leave me completely unsurprised. This isn't to say Nano has no merit, I congratulate the team there, but proof of stake, unfortunately, results in all rewards to creators and an unsatisfying amount of control among people where distribution was guaranteed for no "work".
Cognitive dissonance among Bitcoin minimalists is quite amusing.
You think Bitcoin is good but fear Litecoin for creating a new alternative system?
You think deregulating into an anarcho-capitalist deflationary market is good, but then complain when someone does something you don't agree with?
> but proof of stake, unfortunately, results in all rewards to creators and an unsatisfying amount of control among people where distribution was guaranteed for no "work".
Apparently you haven't bothered to look at how Bitcoin is created? The supply is generated in such a way that a small group of users spent minimal work (CAPEX+OPEX) to generate the majority of the supply. All "rewards" of the supply went to the smallest population of the world. Satoshi just created a new system for oligarchical wealth extraction.
Not quite. Your points are very valid, but you need to compare it with the current system. The new system of oligarchs comes with new constraints. The initial creators in some ways deserve to be significantly rewarded for such an innovation, as the new constraints are that supply is limited, thereby the rising tide lifts all boats of participants. Proof of Stake does this but takes away a significant randomness in distribution and guarantees that the majority is held initially by one authority - this is not guaranteed at all with POW, and if not premined, then even better.
Your other criticism of maximalists fearing an alternative, this is really just BS. I will gladly tell you (as many maximalists will) that Monero is actually better on most fronts that Bitcoin tries to win on. Scalability is really the only thing it leads on, and this is not out of the realms of possibility for Monero. So you can choose your oligarchs, and you can choose how they are constrained. Hopefully your community will grow such that you all benefit.
Nano and other non-linear/DAG chains are interesting, but it seems more difficult to reason about the consensus properties. Have any (neutral) 3rd parties done thorough analyses of them?
Devs said they are researching for an audit company currently, but there will be a major change in the protocol pretty soon, so I guess it will be done afterwards.
Endorsements and nifty tech are nothing without actual use.
Nano suffers from the same problem that 99.9% of cryptocurrencies suffer from: no useful information on how an average person might actually USE it.
Google brings various ways you can BUY Nano in order to speculate. I want to see real world usage, I want to buy VPN/Hosting/Alpaca Socks using Nano.
PS Nano is also 100% pre-mined which means one would have to investigate on who holds what percentages of these pre-mined coins. (case in point: Ripple)
Funny fact, there is a VPN provider accepting Nano, there are hosting providers accepting Nano, there is even a sport socket shop accepting Nano (sadly no Alpaca from what I know)
In regards to premine, yes it was premined, but because 95% were distributed by the captcha faucet, 5% went to the dev fund. Since the nano protocol does not need miners it was in my eyes a pretty good idea to get even non crypto people on board.
You do not see it because you likely fall outside of the demographic of cryptocurrency first users: businesses and citizens in countries facing hyperinflation, black markets, gambling, porn users seeking anonymity, legal pot businesses in the west cut-off from traditional banking in the west, legal porn businesses cut-off from traditional banking in the west.
Bear in mind there is a lag in adoption of the best technology. Just 4-5 months ago bitcoin was still the dominant currency on darknet markets, now it is monero.
See, I remember the huge growth in merchant adoption in 2013 for Bitcoin and how for a moment in time Bitcoin was useful as a currency. I actually used Bitcoin back then from my 2011 minings.
Now I agree that there is a niche for Monero in black markets.
Then there should be a huge opportunity for some crypto currency to take over Bitcoin in the role as a medium of exchange for general public.
Thus it really irks me that I am not seeing these supposedly revolutionary crypto currencies attempt to do anything useful.
Why doesn't any cryptocurrency focus on usability for a regular audience first?
No, but if you're someone who wants to see Bitcoin succeed then you probably don't want to use a scaling solution which only works if you assume Bitcoin will never achieve mainstream adoption.
Because increasing the block size is an inelegant approach that will only work briefly and then there will be more demands to make the blocks bigger again, eventually leading to centralization.
Increasing the block size doesn't solve the problem, it just makes the problem bigger.
Other "coins" with larger faster block sizes are already running into storage issues.
Repeating this propaganda over and over and over doesn't make it true.
No centralization will occur with an increase in block size, as there will still be enough participants to prevent attacking the block chain.
If what is meant by centralization is the reduction of people who can run nodes, then keeping the block size small also increases centralization by this definition, as there is a reduction in people who can afford to transact on the main chain.
But when it comes to maintaining the core trustless network inherent in the bitcoin algorithm, increasing block size does nothing to break its function.
I guess that's true based on your definition of "trustless". But I wouldn't consider a network where as a practical matter I have to rely on a small number of centralized servers for validation "trustless".
lol, with lightning you have to rely on a small number of centralized payment hubs who will likely be strongarmed by the government into keeping tabs on transactions through KYC/AML laws.
It completely breaks the fundamental and original usecase of bitcoin: peer to peer electronic cash.
Now it's "first world speculator to first world speculator through intermediary financial institution electronic store-of-value". Doesn't roll off the tongue quite so well, does it?
IMO, XMR and BCH are the current best options for transactions. BTC is being destroyed by people who hadn't even heard of it 5 years ago.
That is true. I guess my definition is as long as new players / players with different motives and agendas can join the fray, it is ok.
So like I don't mind if we end up that you need at least $1million to become a miner, hell we are half way there anyway on both chains, I just mind if nobody can join, or if it goes to $1billion to be able to mine.
LN seems like the ultimate in centralisation so as an alternative (while it might work,) it's a far inferior solution on that score.
That's just unfounded vague fear though. Do you have a concrete concern, or a specific technical scenario where having less mining nodes is a real problem?
My point is that neither reducing the people who can transact nor who can mine have any effect that can be called "centralization". It's propaganda. Centralization implies a single point of control. Having less people be able to transact or mine doesn't change the fundamental properties of bitcoin and "centralize" it. Centralization is not a gradient.
I don't buy the increased centralization argument. It usually comes down to the problem of orphan blocks / block propagation, a problem which has been made significantly better over time.
Even Satoshi was convinced that the block limit would be increased (it was only added for ddos protection reasons). He didn't even foresee the "block size debate" as an issue because it was never a debate. Of course the transaction throughput would be increased.
He literally said "Bitcoin never really hits a scaling cap".
Now, I'm not saying we should deify them or assume that they thought of every potential issue. But I think we should be very hesitant to deviate from their vision without an actual justification.
I believe that the community has been poisoned by people who don't even understand the original vision. As soon as Bitcoin Core / Blockstream got involved after Satoshi left the scene, everything went to shit.
Lightning is fundamentally an inferior user experience. You should be able to send money instantly without a third party. THAT was the point of bitcoin. Not to force people through a new type of financial institution (lightning hubs), solely to fix a manufactured fee problem.
> then there will be more demands to make the blocks bigger again, eventually leading to centralization
Because having a bigger block size raises the barrier to being a miner. (CapEx and OpEx are both greater.)
Imagine the other extreme: mining is so cheap that every phone, watch, and — oh let's just throw in every mouse and pigeon cortex — can be a miner. This is near one extreme of decentralization.
That's unattainable[1], but it's an intuition hook for the fact that the more expensive you make mining, the more centralized it becomes.
[1] IOTA tries to get closer to this. It makes a couple of changes from Bitcoin / Ethereum / etc. (1) IOTA uses a graph instead of a chain — this is why mining is cheaper, and low-powered IOT devices can mine. (2) IOTA uses homegrown cryptography, (EDIT: that has been proven exploitable multiple times), instead of reviewed standards. (2) isn't necessary for (1), nor does it help decentralization; it just seems to be an attached vanity project.
> Iota is horrendous(they rolled their own crypto and its bad)
Yeah, I probably didn't emphasize this enough. In addition to last year's curl fiasco[1], and this year's email dump[2], there's now this unlucky-13 exploit[3].
> no IOT company will ever bother with it
This would seem to follow, but [4] (partnership with Cisco, Samsung, and Volkswagen), if true, contradicts it. (I'm skeptical of IOTA partnership announcements because of last year's IOTA/Microsoft “partnership”[5].)
> Because increasing the block size is an inelegant approach that will only work briefly and then there will be more demands to make the blocks bigger again
Maybe because you provided a link without summarizing it?
(Just guessing — I thought your comment was sufficient, and I upvoted it. Also — I know it's policy not to discuss votes, but I'm also a fan of feedback loops that lead to desired behavior, and I don't see enough signal in this one.)
I can't speak for anyone else, but for me personally I just don't like the approach of trying to solve the problem by throwing more disk space at it. It feels... inelegant, and probably unsustainable long term.
Imagine for a minute a future where Bitcoin goes mainstream and needs to process ~2k transactions per second. (A reasonable estimate of the world's current credit card transaction rate, and 3 orders of magnitude more than Bitcoin's current max capacity.) Would that _really_ be possible to sustain just by raising the block size?
Bitcoin's block chain is already 150 GB after only a decade, and if we drastically increase its rate of growth like that (by 3 orders of magnitude) the hardware requirements for even storing the full chain are gonna get ridiculous pretty fast.
That's not to say that I think bigger blocks couldn't work, but I think if Bitcoin does go that route then it will need to find a way to trim old blocks out of the chain without compromising security in any way. Otherwise there's a real possibility we might end up with a 100 TB chain on our hands within the next 10 years or so. (Assuming Bitcoin succeeds the way we might want it to.)
Lightning Network isn't really a satisfying solution in my opinion. It means that Bitcoin will just be a low-capacity settlement layer, and regular purchases will need to use PayPal-like middlemen to avoid hefty fees.
There are a few on-chain scaling solutions. One is Vitalik's approach to sharding. Payments would be split into debits and credits, and a credit transaction would include a Merkle proof showing that a bunch of validators on a different shard approved the corresponding debit. Double spending would be possible if you can corrupt a single shard, but users would be randomly bounced between shards to make that difficult.
Another solution, which I think is very practical, is to make some protocol changes so that scalable full nodes can be run by a cluster of servers. Running a full node would become expensive, but most users would be fine with SPV clients + fraud proofs. See https://ethresear.ch/t/scaling-via-full-node-clusters/1358
> It means that Bitcoin will just be a low-capacity settlement layer, and regular purchases will need to use PayPal-like middlemen to avoid hefty fees.
You're correct, of course. But what's wrong with that? You still retain ultimate sovereignty over your funds, which is the most important property, I think. What do you think is lost by Bitcoin being mostly a settlement layer with the option to transact on-chain for a higher fee?
I think it's okay if users could settle reasonably often, but unless the main chain's capacity is greatly increased, that won't be the case. If 7 billion people used Bitcoin today, the current ~4 TPS capacity would only be enough for each person to perform one transaction every 55 years.
If we adopted a 100mb block size, which is probably pushing the limit of what a normal server machine can handle, that would be just enough for each person to perform two on-chain transactions per year.
Most people would want to settle at least once per month, to collect their paychecks and move the money into a payment channel with a well-connected middleman. That doesn't seem feasible without sharding or some other solution to drastically increase the main chain's capacity.
I think the idea is that due to the existence of LN, you would almost never need to settle on-chain. But because you theoretically could, you maintain all the benefits of genuine financial sovereignty without ever having to actually exercise it.
I haven't read most of the paper (59 pages!) so I might be missing something, but let's say I'm receiving Lightning payments from my employer and sending Lightning payments to my landlord. When my channel to my landlord runs out of funds, won't I need a couple on-chain transactions to withdraw funds from my employer channel and add them to my landlord channel?
If I could somehow transfer my employer's IOUs to my landlord off-chain, I figure that would break the security model because my landlord wouldn't know if I had double spent the IOUs. Let me know if I'm missing something though.
You are correct, if you think about it as a payment channel between you and your landlord, and a separate channel between you and your employer, I believe. However, the way it's more likely to end up shaking out is as an interlocking network of trusted intermediaries, much like Visa/Mastercard are now.
Your employer will pay you, and then you will pay your landlord. But the only channel you'll have open is one to this 'visa' like entity that sits in the middle, and so will your employer and your landlord. So that trusted intermediary will ensure you don't double-spend to other parties in their channel, but who are the only parties you could double spend to. At least, that is my understanding of how the model works - I haven't read all 59 pages either, though.
You must be granted permission by liquidity hubs who route your payment, because it is a complicated (A wants to transact with C so B signs a transaction with C contingent on an equal transaction between A and B) design.
The alternative, just fucking sending your bitcoin without a trusted third party, is the only viable option. And that requires not trying to mandate a transaction limit through a completely arbitrary and manufactured block size cap.
This is a really bizarre rationale, disk space is insanely cheap and simply storing the blockchain does nothing to actually validate transactions or contribute to the network.
8000GB drives cost about $150 now. Storage is getting cheaper.
Why not change the PoW hash algo to avoid costly ASICs and help decentralize the more important aspect of blockchain transaction verification?
That's enough to handle the blockchain size increasing by one order of magnitude. I just talked about a scenario where it could conceivably increase by 3.
Storage is indeed cheap, but not _that_ cheap. Unless you're envisioning a scenario where only large stakeholders like miners and exchanges ever have to store a full copy of the blockchain.
Why would transactions increase but not space per dollar? Has disk technology stopped progressing?
The time it takes to increase by 3 is probably the amount of time disk space will increase by 3 at the same cost.
Exactly. Costs for computing/disk storage go down exponentially.
Cryptocurrency tx/sec goes up exponentially.
As long as the two rates roughly cancel out, we're okay. If they're massively different rates, then you're still dealing with an exponential which is difficult. Either way though, lightning is a linear benefit, not an exponential one. And it comes at the cost of breaking everything that made bitcoin great in the first place.
I don't ever want to have to deal with an intermediary financial institution again. Somehow, the pro-BTC side of the chain thinks that view is ridiculous.
The "Pro-BTC" side is really Pro-neoBTC, oldBTC, Satoshi's BTC was all about never dealing with an intermediary unless you choose to for whatever weird reason.
What makes you think you need to store the whole blockchain? Older blocks can be pruned. The whitepaper discussed this. The UTXO set is all that's needed for block validation, and that's quite small (currently ~50M).
My point is: why do people still store full copies of the chain? If there are no downsides to this, why didn't we purge that 150 GB of useless data from the network a long time ago?
And if people still _do_ need the full chain, then obviously that solution isn't sufficient to eliminate the problem I outlined in my previous comments.
Because right now you can't distribute the UTXO set in a trustless way. Core developers blocked it two years ago for nonsensical reasons [1], one of the many reasons the community doesn't trust them. Work has picked up on this in BCH [2].
Wait, so that solution is essentially just trusting a few members of the community to decide what everyone's Bitcoin balance is? (Pick a few people to sign the UTXO and just trust their signatures?)
I'm kinda surprised you consider the dev's rejection of that idea to be "nonsensical". Seems perfectly sensible to me that they wouldn't want to grant that kind of authority to any particular set of individuals. In particular, that method is most certainly _not_ "a trustless way" of distributing the UTXO.
Hopefully whatever solution the BCH devs are working on isn't anything like that...
It's nonsensical to shut down the discussion so quickly. This wasn't a BIP. You can hash the UTXO set and put the hash in the blockchain, or put the UTXO set in special blocks, or cross-validate the UTXO set across nodes. There are solutions.
If we keep bitcoin block sizes as they are or reasonable we can roughly predict how big the whole chain would be 100 years from now (I'm being very optimistic here).
Based on the exponential growth of disk size, I don't see this as a problem. I wouldn't be surprised if the entire chain, even at visa levels, could be stored on an average phone in 10 years.
I tend to think raising the block size to improve throughput is like adding another lane to a busy highway. It's an expensive road upgrade that won't relieve congestion, but just add more commuters by increasing the number of cars.
Along that analogy, LN is more like carpooling. More commuters, same number of cars, no changes required to the roads. It's a cheaper upgrade that achieves the same effect in a different way.
False analogy. In terms of throughput the analogy is good, but you neglected that lightning breaks how bitcoin works. You need to get permission from a centralized lightning hub to transact.
Also, high fees (which blockstream vocally is in favor of) increase UTXO bloat by preventing consolidation
Not true. You can still use normal permissionless transactions, and start a hub without a permission. I was also worried about hubs getting too much power, but Lightning just takes all 'busy' paths (such as exchanges and payment providers) to their own roads. If a path is getting busier on mainnet, it is more economical to move it to Lightning. It doesn't favor centralization beyond what naturally happens (some places are busier). If there's someone with too much power, it's always possible to make another hub. It's kind of natural path-finding. I think hubs will be strongly geographical when people start using Bitcoin on their local purchases. Big stores don't also want to give Lightning fees to anyone so they set up their own hub.
Also, when the bulk of transactions moves to Lightning, the mainnet fees will become much lower.
BCH's approach would eventually centralize the network.
Remember that at least one of these blocks is generated every 10 minutes, and more than one might be flying around during a chain split. Remember also that nodes do actually need to iterate over all the transactions in the block to check they are valid when they receive a new block. Proof of stake prevents malicious actors from wasting CPU/DiskIO on full nodes with spam attacks, but the transactions in a block with PoS signature still need to be validated, ideally before the next block arrives.
Originally with the 1MB block, there were quite a lot of full bitcoin nodes running on Raspberry Pis under people's desks in places with really shitty internet. Segwit kinda-sorta actually increased the block size from 1MB to up to 4MB. 16% of Malaysia gets internet slower than 256kbps. Running a bitcoin node today takes up ~20% of a connection's total bandwidth in these places. Increase the block size to 20MB, and it will not be possible to run a node in some areas of Malaysia, because 20MB/10min is too fast for the connection.
At 20MB of transactions per 10 minutes it's also possible that the diskIO on a gen-1 Raspberry PI using a cheap SD card might not be enough to scan and validate every transaction in an incoming block. Remember that a node might have to scan very far back in the blockchain to find the last time an unspent output was interacted with. I'm not sure how big a block has to be before that IO overhead starts eliminating entry-level hardware.
But you don't actually get much for increasing to 20MB blocks. Another poster said that bcash going from 1MB to 8MB blocks increased the throughput from 7tx/s to 62tx/s. Let's take that as gospel, assuming that's 1MB blocks vs 8MB blocks, and extrapolate like madmen. To get to that poster's desired 7,000tx/s "Visa scale", we'd need blocks of around...1GB.
That's 13.3mbps 24/7. Now most of Australia and the USA can't host a full node, and that's before we start talking not just about disk IO but even hard drive space. If new blocks are being created at the rate of 1 Gigabyte per 10 minutes, you'll need to provision 4 terabytes of new storage every month to compete with Visa.
Look, short version is this: scaling by increasing the block size eventually ends in performance requirements that force datacenter scale hardware requirements. If bcash ever reaches that point, it will have lost the decentralized, censorship resistant attributes that make cryptocurrencies valuable in the first place. If your cryptocurrency isn't decentralized, you might as well use a bank. There's better regulation and much less uncertainty in being a customer of a bank.
So anyway, the Lightning network developers think that LN provides a better scaling solution. Maybe they're right. If they're not, someone will try something else. Maybe there's no solution that can scale to Visa scale, we just don't know. But bigger blocks is definitely not that solution.
You're talking about the cost of future tx thruput and comparing it to today's storage prices. How can you not see what's wrong with that?
>But bigger blocks is definitely not that solution.
How easy it is to make a claim without any proof.
>Originally with the 1MB block, there were quite a lot of full bitcoin nodes running on Raspberry Pis under people's desks in places with really shitty internet. Segwit kinda-sorta actually increased the block size from 1MB to up to 4MB. 16% of Malaysia gets internet slower than 256kbps. Running a bitcoin node today takes up ~20% of a connection's total bandwidth in these places. Increase the block size to 20MB, and it will not be possible to run a node in some areas of Malaysia, because 20MB/10min is too fast for the connection.
Heh, even Segwit proponents don't understand Segwit. Please stop lying about 4MB blocks, it just wastes all of our time. Segwit arbitrarily considers the "witness" portion of the TX to be 25% of its real size in bytes (they define a "block weight" accounting measure that distorts the true storage cost).
This means blocks can only be 4MB if the block is entirely witness data, which never happens in the real world. In practice, segwit will give you 1.7-2MB blocks. There is no efficiency increase (in terms of tx thruput per unit of computation, etc) with Segwit at all, there is only the increased tx thruput caused by bigger blocks (how ironic).
>Running a bitcoin node today takes up ~20% of a connection's total bandwidth in these places. Increase the block size to 20MB, and it will not be possible to run a node in some areas of Malaysia, because 20MB/10min is too fast for the connection.
You use a misleading definition of bitcoin nodes that has been used to poison the discussion. A non-mining node has no role in securing the network, except for SPV wallets (lite wallets). Mining nodes have the full power to choose which transactions are uptaken into the blockchain (merkle tree), so non-mining nodes are a garbage metric to use to judge 'centralization'. It doesn't matter if everyone and their dog has a copy of the blockchain on their raspberry pi, if they're not mining they're not securing the network, period.
The original bitcoin whitepaper written by Satoshi is quite clear - when they refer to nodes, they mean miners.
As you can see, the entire manufactured block size debate is built on misinformation and propaganda. How sad that the bitcoin community fell apart as soon as Satoshi disappeared.
>At 20MB of transactions per 10 minutes it's also possible that the diskIO on a gen-1 Raspberry PI using a cheap SD card might not be enough to scan and validate every transaction in an incoming block. Remember that a node might have to scan very far back in the blockchain to find the last time an unspent output was interacted with. I'm not sure how big a block has to be before that IO overhead starts eliminating entry-level hardware.
Entirely irrelevant. Your average cryptocurrency user does not need to validate the entire blockchain. They only need to ensure their own TX have made it into the chain, a role fulfilled by SPV wallets like electrum. Again, Satoshi himself said this.
>A non-mining node has no role in securing the network, except for SPV wallets (lite wallets).
I just noticed this snippet, and it's wrong enough that I feel I should address it separately. Safe to say you don't understand blockchain verification very well.
Why would any non-mining node choose to assume that the mining nodes are non-malicious when they could just check? That's pretty much the whole point of the distributed ledger concept: not having to trust anyone else on the network, yet still being able to transact.
>You're talking about the cost of future tx thruput and comparing it to today's storage prices. How can you not see what's wrong with that?
There is nothing on the horizon that suggests a 4TB/month growth rate will be serviceable by anything less than data-center grade hardware at any point in the next 10 years. Beyond then, it's a crapshoot.
I'd /like/ to see bitcoin operate at Visa scales before then, so I must look for a solution that can work with a reasonable extrapolation of the state of storage today.
Nevertheless, I sense that you have an agenda and that you will not be dissuaded from it. Continue to preach as you see fit. Before I head off, I'll say the following: I'm lightly invested in bitcoin, litecoin and vertcoin, with perhaps $150USD spread across the three. I have no investment in bitcoin cash.
Care to share your crypto investment portfolio with our fellow comment-readers?
I used to own 7 BTC. Then converted it to BCH/XMR. Then sold most of it a couple months ago, mainly due to concerns about tether / general market mania
Once BTC fees hit $40 average tx (I paid $100 due to UTXOs increasing my tx size in bytes because I actually used bitcoin to transact), I had to accept that BTC was done.
Regarding all of these, they may not be literally O(n^2) but they are certainly more than O(n) and they compound each other.
His argument I disagree with most is the Metcalfe's Law one:
> I’ve transacted with probably under 100 other people or companies in the five years I’ve been using Bitcoin; the demand for transactions scales up linearly with the number of people using it.
As more people use Bitcoin then Gavin's personal demand for transactions would increase roughly linearly, but because there are more users the overall demand would increase quadratically.
Or is he saying his transaction volume wouldn't increase even as more people accepted Bitcoin? I don't believe that.
This is so incredibly exciting for bitcoin. I know this is only a beta and it's been in the works for a while, but many people didn't believe we'd see anything at all this soon.
Something seems off with what LN claims is a p2p network, as the claim is they've created something better than BGP yet there's going to be many many race conditions if the network is ever actually used at scale and the only solution to those race conditions will be broadcasting updates to inform other nodes the route is inaccessible, which will raise the bandwidth demand for anyone running nodes needing those updates.
For LN to claim to be p2p seems rather disingenuous, as everything about it is going to favor wealthy centralized payment processor hubs. What's the point then? Why not use venmo / stripe / square where there's less risk of scam for both consumer and retailer? Running a LN node will require a hot wallet with keys in memory, so if a Spectre/Meltdown style attack hits your node your key and funds are at greater risk of being stolen.
LN also opens up the ease of money laundering, so will all LN nodes need to keep KYC/AML logs for future audits?
LN will have all the problems of BGP, fused with all the problems of KYC/AML/legacy financial institutions.
It's truly a beautiful monstrosity. It'd be hard to come up with a more objectively inferior solution if you really tried.
No longer can a new user just send a transaction and have that magical user experience, instead they have to be given permission to transact by monolithic liquidity hubs, who of course must take their own fee. In fact as a rational lightning hub owner, I would want a rate of return similar to stocks but times some multiple to account for the very high risk of my hot wallet getting hacked and losing all my money.
Full disclosure: I'm a BCH/XMR supporter although I no longer own either since I've been sitting out of the scene for the last few months while waiting for all this idiocy to blow over
I noticed you've posted the same thing in many different posts with increasing inaccuracy.
> instead they have to be given permission to transact by monolithic liquidity hubs
Completely false
> who of course must take their own fee
May, and routes aren't prescribed so they may take a fee on a payment that may be routed through them.
> I would want a rate of return similar to stocks but times some multiple to account for the very high risk of my hot wallet getting hacked and losing all my money.
What. This is completely disconnected from Lightning's functionality.
blockcipher is referring to a new type of attack LN enables, which would be a (large) node/hub having the ability to ignore/drop transactions. It's roughly similar to how pool operators can create custom tools to suppress activity passing through their part of the network.
The latter comment is in regards to the risk of providing liquidity in the more concerning design caveat of exposing keys in memory on an internet connected computer. The attack surface for theft of a LN node is now significantly higher than a normal bitcoin wallet.
It is inherent to the architecture of the Lightning Network.
Run a simulation with many p2p nodes in an adversarial payment routing network, and the inevitable statistical optimization will be centralized payment hubs controlled by wealthy users.
Smaller less wealthy nodes will not be able to sustain routes and will be ignored. No one wants to keep paying fees to open up dozens of routes as if they're pre-depositing funds all the places they shop.
Some commenters here appear to be asking why one should favour LN over raising the block size.
The answer to that is that it's not a dichotomy.
There's not a decision to be made _between_ 'LN' and 'Raise block size'. They're two independent things. The LN is an opt-in system on top of bitcoin.
If we're lucky, LN works out well.
If it doesn't - I'd be in favour of keeping the blocksize low anyway and I think a lot of technical folk would too. The reason why I don't think is difficult to understand, rather it's difficult to accept.
Raising the block size beyond some value is problematic. A small increase is likely safe, but we really don't know what. This is both in order for full nodes to be usable on reasonable hardware, and also to ensure fee pressure (in a low/zero fee environment, inflation will likely have to be introduced to ensure enough mining happens for security).
A good analogy might be with cars and cities. Imagine we lived in a world where public transport simply couldn't exist - for whatever reason it's just impossible. Would it be prudent then to bulldoze the streets of London, Paris, wherever else, to build more roads for capacity? I would argue not - you simply have a situation in which there's a limit on capacity and that's that.
In addition, in the world where pub transport _does_ exist, investing in trains does not necessarily mean completely stopping work on roads entirely. They're different things.
People are just handwaving this away like it's a side thought, while touting the solution this gives as THE gift to mankind to get away from traditional banks.
Another cryptocurrency 'innovation' delivering overly complex solutions to problems that didn't exist and ignoring the real problems.
So... You have to trust these edges/connections? Who will enforce this? How would you know the largest transaction that has occurred somewhere else in the network?... trustlessly? Why 100x?
You know what? All the hops where your TCP/IP connection has gone to allow you to write that message, were provided by devices that had to be online in order to provide you the services. EOM
Yes, but routers aren't responsible for keeping my money safe. If you don't constantly monitor all your LN channels, the other party can just steal your money by issuing fraudulent messages to the network.
Someone can set up "watchdog" services that you can give your revocation transactions to and they can watch the blockchain for any attempts to "steal" your money and if any are found they can instantly broadcast the revocation.
Doing it this way you don't give the "watchdog" service any control of your BTC, just the ability to broadcast countersignatures, which means there is still no counterparty risk here. You could even give your revocation transactions to multiple 3rd parties that can all watch the blockchain for you if you don't trust any one of them to not backstab you.
But what happens if a watchdog has an outage? I need multiple backup watchdogs then, and no watchdog will work for free. So I'm now paying multiple entities to securely transact money to other people that themselves also need watchdogs to watch their channels. This sounds not like it will result in low fees. Transaction fees, maybe, but overall fees including middlemen will be quite a bit higher.
I'm curious if anyone has found a good writeup on how watchtowers work.
My understanding is that with the normal lightning network, there is a reward built in that you receive if your counterparty tries to fraudulently close the transaction. You receive your money + some of what they owned. From what I remember, watchtowers can be incentivized by receiving a portion of this money. This way you only pay something if your counterparty tries to screw you, and the amount you pay doesn't come out of your money.
tldr; I think the watchtower fees are only paid if a problem occurs, and even then your counterparty is the one that effectively pays the fee.
Locktimes are currently on the order of days (roughly 3 days IIRC), which means you have days to react to a fraudulent transaction. A dedicated watchdog service being out for days at a time is pretty shitty uptime.
Not to mention that this isn't the ONLY way you can watch out for this. Your laptop, phone, or any other internet connected device can also watch for these transactions, as long as you connect to the network once every 3 days, you can handle it yourself.
>...and no watchdog will work for free.
I'm sure you are correct, but we will need to see the exact costs here. I'm guessing (and it is a complete guess) that the costs here won't be that bad at all. You could write a service that scans the blockchain for these transactions that would easily run on a very small server with a VERY large number of revocation transactions, so it's not like it's a large cost to run a service like this. Not to mention that the "fee" for these services could be paid by "penalty" forced onto the person that tried to cheat you when the revocation transaction is broadcast, incentivizing the watchdog service to catch the fraudulent transactions (since that's the only way they get paid).
Plus I have a feeling this can easily be a value-added service to many exchanges and custodial wallets.
That time is completely configurable between you and the person you are opening a channel with, 3 days just seems to be the number everyone is gravitating toward using as a good default since it's long enough that short times offline won't cause you to be vulnerable to fraudulent transactions, but not long enough to cause issue if the channel you are working with decides to close up suddenly (because after the locktime is up you can broadcast a transaction which gives you all the money in the channel).
And yes, your bank can reimburse you for fraudulent charges (the amount and timing depends on your location), but that also depends on your bank not deciding that your fraud isn't actually fraud, it depends on you (as in your person) constantly checking your accounts for fraud and manually reporting it to the proper channels when it happens, you are still out the money while they investigate and reimburse in some cases, they will lock and reissue your card which often takes days to arrive leaving you without a card in the meantime, they can deny your account entirely for any number of reasons, they can control what you are able to buy with your card for any number of reasons, the cost of a bank account is far from free, they can and will charge you to get access to your own money quite often, and they can deny you from withdrawing your own money at any time for just about any reason (including "you are withdrawing too much money").
Neither option is perfect, nobody says they are, but I really believe that a system like Bitcoin and LN are a significant improvement over the traditional banking system in many ways. It is worse in some ways for sure, but I feel the benefits far outweigh the down sides.
> 3 days? In contrast, your liability is capped at $500 if you inform your bank of debit card fraud within 60 days.
Unless your bank considers the fraud to have been caused by a lack of care on your behalf, in which case you will not be refunded and have virtually no means of appeal
(note: Obviously depends on your country and local laws)
Which is why trusted intermediaries like banks will arise. They will be responsible for monitoring the channels, and they'll do a good job of it. The important distinction, however, is that you will still have the option of broadcasting transactions to the main blockchain for a fee. Which means that you still have ultimate sovereignty over your funds.
So like banks, but with a much darker recent history of taking the money and running, none of the stability, and none of the insurance. All traded for the dubious benefit of broadcasting transactions to the blockchain, which seems like an empty sop to principle. I don’t care how many times “ultimate sovereignty” gets thrown around like it means anything important outside of a few narrow circles. As a currency Bitcoin just stinks, as an anonymous means of transferring money it stinks, but it’s a great way to shuffle money or rob someone.
If people didn’t think they were going to use bitcoin to get rich quick, they just wouldn’t care. Well, except for scammers and money launderers.
Whoever is running my node 24/7 is, if I want the convenience of money. If I’m using a paper wallet and a bank vault, I might as well buy platinum, for which demand is more than a phantom.
> Yes, but there will be a liquid market in such nodes.
How? You need to trust those nodes to provide not only a secure but also reliable service that will be online 24/7. A single outage, even if its only a minute long, can possibly lose you all your money in all channels. This means that centralization will happen almost immediately as high-availability is a very complex topic that is not achievable by amateurs. Especially when you are talking about more than 5 nines and actually mean 100%.
Trusting them might be, and of course it presents a perfect attack vector for a state to take a long ropey piss all over your “ultimate sovereignty” while chuckling deeply. That assumes that for some bizarre reason Bitcoin doesn’t bottom out when no more greater fools are left to hold the bag. Bitcoin hasn’t become a household word because more than a fraction of a percent want “ultimate sovereignty” over their money. Grandpa and Grandma know what bitcoin is, John Oliver has pieces on it, and Google is banning ads because people want to get rich quick off the back of it. When that music stops, the whole thing is going back to its ground state, which is zero.
> Trusting them might be, and of course it presents a perfect attack vector for a state to take a long ropey piss all over your “ultimate sovereignty” while chuckling deeply
And what attack vector is that? You're not really trusting these nodes. They can't steal your money.
> When that music stops, the whole thing is going back to its ground state, which is zero.
People have been predicting that since Bitcoin hit $10. Sure hasn't worked out well for them.
> I don’t care how many times “ultimate sovereignty” gets thrown around like it means anything important outside of a few narrow circles.
If you don't think it means something, then Bitcoin is not for you. But to basically all of the investors in gold, this is the property they care about.
Most people invest in precious metals because the rate of new precious metals entering the market is bound to be a trickle, demand is high, and it has value (and has for thousands of years). The fact that precious metals are fungible assets shouldn’t be lost on you either. A small minority of rubes do buy gold because they entertain apocalyptic fantasies in which they’d A. Survive and B. Be able to retain their money.
Most people who diversify into gold are not entertaining the fantasy that their governments don’t still control their fates.
> A small minority of rubes do buy gold because they entertain apocalyptic fantasies in which they’d A. Survive and B. Be able to retain their money.
You don't have to entertain the fantasy yourself to invest in it. You just have to trust that others do. That is what gold investment is, at a fundamental level.
Gold isn’t in all of our electronics over a fantasy. Platinum isn’t a unique catalyst over a fantasy. Neither are fungible only in a fantasy. Investing in materials with industrial value, and thousands of years of aesthetic value, and perfect fungibility bears no real resemblance to ”Investing” in crypto. As a bonus, the SEC isn’t breathing down the neck of precious metals.
Bitcoin has no real value, outside of a consensual fantasy.
> Gold isn’t in all of our electronics over a fantasy.
How much influence do you think the sum of Gold's industrial uses exert over its value? I'll tell you: nearly zero. It's all speculation.
> Bitcoin has no real value, outside of a consensual fantasy.
All currencies have a value endogenous to their ecosystem. Bitcoin is no different. Bitcoin is used to pay transaction fees in the Bitcoin network. US dollars derive their value because the US government accepts them for taxes. These are equivalent properties, each contingent on the success of the thing that issues them. Owning bitcoin is a bet on future demand for bitcoin, which is a bet on future demand for bitcoin transactions, which necessarily cost BTC to perform. If you believe Bitcoin will come to mediate a significant fraction of global commerce, it's a good investment. If you don't, it's not. It's as simple as that.
73% of gold is used in jewelry, a significant portion of the remainder is used in electronics and aerospace. To be honest though, if I were going to invest in a precious metal, I’d pick platinum, because its primary use is industrial, but it’s no less fungible than gold.
And we pay large amounts of money to middlemen to access these connections. And these middlemen can often block your traffic at will. Why not just use banks at this point?
If you want to be lame and try to invalidate an argument sure you can say there's a literal world of difference in an analogy, but that's the entire point of an analogy, to show similarity by demonstrating something relatively simple often in a wildly different context.
There's still a middleman with plain BTC, it's just that there are a ton of them, and little barrier to entry to becoming a middleman yourself. Lightning requires things which realistically only banks will be able to provide, large payment channels. The whole point is that when you can store your balance on a decentralized ledger, there's no need for a bank.
or are they still emulating banks by requiring permanent online super nodes?
This. The result seems likely to be massive centralized entrenchment, unless you believe that most people are going to trust their money to their own dedicated systems. Centralized bitcoin kills its “cyberpunk” dream, and lower tx fees don’t matter to the majority using this as a speculative asset. As a solution to replace money the question of what advantages exist in a centralized version of Bitcoin seems especially probing.
Of course, you’d have to believe that cryptocurrency is more than a quasi-legal distributed, headless Ponzi scheme for any of that to matter. Increasingly it seems clear that when you filter out the pump and dump noise, the only thing investors in crypto really believe is that they’re going to get rich.
For those who may not know the context, this has to do with long-term scaling of the Bitcoin network.
The very first public response to Satoshi's announcement of Bitcoin was an expression of doubt about scalability:
> We very, very much need such a system, but the way I understand your proposal, it does not seem to scale to the required size.
> ...
> To detect and reject a double spending event in a timely manner, one must have most past transactions of the coins in the transaction, which, naively implemented, requires each peer to have most past transactions, or most past transactions that occurred recently. If hundreds of millions of people are doing transactions, that is a lot of bandwidth - each must know all, or a substantial part thereof.
And the comment was spot-on. Naively implemented, Bitcoin can only scale linearly by putting every transaction onto the block chain. Double the transaction capacity means doubling the size of blocks.
Lightning Network scales the Bitcoin network by offering a secure method for keeping many, if not most, transactions off the block chain. This is done through a clever use of Script, Bitcoin's built-in programming language.
Two parties who want to transact at high speed jointly lock up some money with an on-chain transaction (thereby creating a "payment channel"). Then they send each other half-signed transactions spending the locked funds. Each transaction represents a kind of private ledger. Although any of these transactions can be published at any time, it will usually be mutually beneficial to avoid doing so and continue passing half-signed transactions back and forth. When it's time to call it quits, the last transaction is published.
In other words, the intermediate transactions never need to hit the block chain. Only the final settlement transaction needs to be published.
Lightning takes this one step further by providing a mechanism whereby a party can pay another party on behalf of a third party. This means that you can make Lightning payments without necessarily having an open channel with your intended payee. You just need an open channel and the network routes your payment.
Lightning Network has been in development for years. The idea has been repeatedly disparaged as "vaporware." The first mainnet release is a big deal because that characterization no longer applies. It also means we're going to see a real-world test of an idea that up until now hasn't been widely-tested.
The Bitcoin Cash split was due in large part to a group of Bitcoiners rejecting Lightning as a scaling option. They tend to believe not only that Bitcoin can scale by increasing block size, but that this is the best way.
One common misconception is that LN transactions rely on some amount of trust with 3rd parties, vs. on-chain Bitcoin transactions which do not. This is not the case, payment channels and even multi-hop LN transactions are just as secure as on-chain transactions, modulo one important assumption: that you (or a service you delegate) can monitor the blockchain and broadcast a transaction (which is then confirmed on-chain) refuting a peer that is trying to claim an old (larger) balance, within some time period. This could be an issue if the blockchain is highly congested.
Scalability of routing is another concern. It's suspected that the network topology will end up looking more like hub-and-spoke (not unlike the internet itself) than a mesh, which may have implications for privacy and censorship-resistance.
Lightning network allows for an arbitrarily high number of tx, but can only tx on value that has specifically been locked to do so. Essentially you end up creating a bidirectional link for each on-chain tx, the weight of each link is the amount of value that can flow in that direction. Joining a bunch of these links together potentially allows for just locking up funds with some larger node in the LN and having near instant and extremely cheap payment to node that is traversable from your link.
One of the really cool things about this architecture is that as long as two blockchains offer atomic x-chain txs then the same principle should work for LN. (e.g. send litecoin down a LN payment channel the business gets bitcoin on the other end)
Unfortunately this does have security implications, LN's security model relies on monitoring the blockchain to ensure that the other side of the channel doesn't attempt to close the channel to their benefit, if they do there is remediation you can do, but you have to be monitoring the channel. Also an inability to close the payment channel (tx on the blockchain) within a certain # of blocks could result in the history of the payment channel getting cleared.
Basically if the bitcoin network experiences a huge tx backlog like we saw a couple months ago (tx fees exceeding 15-20 USD) and we see third party routers with high dependency/volume we could see a double spend attack that would be cost prohibitive to stop.
Part of the counter transaction system that LN has means that if someone tries to screw you over and you catch it, you get ALL of the money in the channel combined.
So if your channel was just $50 from both parties, you could broadcast your counter transaction with up to $50 in fees and still break even, since you are basically spending the fraudsters money.
There is no added risk of double spend in lightning. The risk in lightning is that your counterparty can close the channel on an old state that benefits them. If you, or your watchtower (not yet implemented) is not there to punish fast enough, they can run away with your bitcoin.
What happens if they DDOS you (or your watchtower) at the right moment? Most people's bandwidth is shit enough that forcing them offline is fairly straightforward.
Locktimes are about 3 days, they would have to ddos you for the whole time in order to steal anything. If at any point during those 3 days you are able to broadcast your transaction in any way, you get all the money in the channel from both participants.
That, along with hot wallets, is why lightning is a horrific security nightmare. It's not built to withstand adversarial attacks the way bitcoin itself was.
To be blunt, they took an elegant vision by Satoshi and shit all over it
Sorry I guess I was using double spend to characterize any situation where you think a tx has taken place, but another party rolls back to a different or prior state.
Each transaction spending the locked funds bears the signature of the party making the payment. The other party can then provide the counter-signature making the transaction valid on the Bitcoin network.
The main security problem to solve is preventing one party from publishing a previous channel state (half-signed transaction) giving themselves more money than they actually have by rights.
For example, Alice and Bob might start with a channel giving each of them 5 bitcoin. Then Alice makes two one-bitcoin payments to Bob:
A | B
------
4 | 6
3 | 7
Alice decides she wants to take back her last payment and instead publish the earlier transaction (signed by Bob) giving herself 4 bitcoin rather than the one giving herself 3.
This problem is solved with hashed timelock contracts (HTLCs). Without getting too technical, HTLCs make it possible for a party who spots a counterparty attempting to publish an invalid transaction to take all of the money in the channel (i.e., Bob would take all 10 bitcoin). The main idea is that cryptographic hash functions are one-way. If I make a payment contingent on knowing a preimage to a hash value, I can cause the payment to become valid by revealing the preimage.
Along with the signature to a transaction, Alice must also give Bob the preimage for the previous transaction before he will accept it. When she does, Bob knows that if Alice tries to play games, he can take all of her money.
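The mechanism this comment describes, as an added example that is not part of the original thread and not Lightning's actual protocol code: a toy Python model of the 5/5 channel in which Alice hands Bob the preimage for each superseded state, and Bob takes the whole channel if a revoked state is published within the timelock. The class and function names, the SHA-256 choice and the 432-block window (about 3 days of 10-minute blocks, the figure mentioned elsewhere in the thread) are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

CHANNEL_TOTAL = 10      # constructed: 5 BTC from each side, as in the comment
TIMELOCK_BLOCKS = 432   # assumption: ~3 days of 10-minute blocks


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class State:
    index: int
    alice: int
    bob: int
    revocation_hash: bytes  # hash of a secret Alice keeps until she revokes


@dataclass
class Channel:
    states: list = field(default_factory=list)
    alice_secrets: dict = field(default_factory=dict)  # known only to Alice
    bob_preimages: dict = field(default_factory=dict)  # revealed to Bob

    def update(self, alice: int, bob: int) -> State:
        """Add a new balance; Alice reveals the preimage of the previous state."""
        if alice + bob != CHANNEL_TOTAL:
            raise ValueError("balances must sum to the channel capacity")
        index = len(self.states)
        if index > 0:  # Bob accepts the new state only after this reveal
            self.bob_preimages[index - 1] = self.alice_secrets[index - 1]
        self.alice_secrets[index] = secrets.token_bytes(32)
        state = State(index, alice, bob, sha256(self.alice_secrets[index]))
        self.states.append(state)
        return state


def settle(channel: Channel, published: State, bob_reacts_after: int):
    """Payout (alice, bob) when Alice publishes `published` on chain and Bob
    responds `bob_reacts_after` blocks later."""
    preimage = channel.bob_preimages.get(published.index)
    revoked = preimage is not None and sha256(preimage) == published.revocation_hash
    if revoked and bob_reacts_after < TIMELOCK_BLOCKS:
        return (0, CHANNEL_TOTAL)  # penalty: Bob sweeps the whole channel
    return (published.alice, published.bob)  # honest close, or Bob was too late
```

Publishing the 4/6 state after the 3/7 update yields (0, 10) if Bob reacts inside the window and (4, 6) if he does not, which is the monitoring burden the following replies raise.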
This makes sense. However, this also means as one party of the off-chain transaction, I need to constantly monitor the main chain to make sure the other party doesn't try to screw me up. And if they do I need to publish the contract before they spend the money.
Is this correct? And how can this be made 100% bulletproof?
Basically each party has signed txs that prove the most recent balance of the channel; when they want to close the channel they just broadcast the last signed txs.
Lightning in theory would allow for fast & cheap transactions, so BTC could really be used for payments instead of the "asset" it has become. Has been discussed for years with nothing to show. I remain skeptical. But if it works well, it could be a catalyst for mainstream adoption and increased price support.
>Has been discussed for years with nothing to show
Yes, it's literally an overnight success. I think they started coding this last night, and it's in beta today /s
On a more serious note, a lot of work has firstly gone into making sure all the different implementations work well with each other, aka the standardization problem. That's a big win in and of itself.
The routing problem isn't trivial either. Lightning currently uses an 'onion-like' routing scheme where, similar to TOR, the nodes have very limited information on the origin and destination addresses. This is great news for privacy.
The lightning network has been running on the testnet successfully for many months now, and some early adopter merchants even accepted testnet coins for small purchases. Over 1000 lightning nodes are currently running.
I was excited for Lightning until I learned about Nano (formerly Raiblocks). It promised and actually delivered totally free AND near-instant transactions. Worth checking out if you didn't know about it.
Every comment I see like this makes me less interested in looking into "Raiblocks" because it sounds exactly like vested interest shilling. Low content promotion of semi-obscure altcoins repeated in every single cryptocurrency discussion thread...
If you browse my history you'll see I'm not a shill for Nano. This is the first time I ever brought it up in a comment on HN. I genuinely just like the technology - while it has some small drawbacks, the benefits (free, fast and no-mining) far outweigh them in my opinion.
>I was excited for Lightning until I learned about Nano (formerly Raiblocks). It promised and actually delivered totally free AND near-instant transactions. Worth checking out if you didn't know about it.
It's worth noting that lattice/DAG based cryptocurrencies offer different security guarantees compared to blockchain based ones, so it's not fair to compare them on transaction fee/volume alone. Sort of like it's not fair to compare SQL vs NoSQL.
I am very curious about this as well. In this example [0] someone was able to precompute 30k transactions in 5 hours with a single 1070. A mining farm with 100 video cards (capital cost of $40k) could generate a sustained load of 10k transactions per second. With precomputation, you could easily do an order of magnitude more damage. All of these transactions are stored permanently on the ledger as far as I can tell.
Nanoblocks does serve some purpose in my mind, but it has major issues to solve, and in no way is a catch-all solution for the scaling problems that Bitcoin has.
Your calculation is wrong. One 1070 is able to produce about 1.6 txs, so 100 x 1070 are able to produce 160 txs. For a full transaction you need to do the POW two times (send and receive), so if you use the same cards to receive the tx also you are only able to produce 80 txs. Right now I do not think you would harm the network up to about 10k - 50k txs (a simple laptop is able to monitor about 1k txs). So you may want to target at least 10k txs, therefore you would need more than 10k graphics cards at a cost of about $500 each at least. This sums up to $5,000,000, and as I said it is not clear that this would harm the net in any substantial way.
My calculations are based on the numbers from the article I linked to. I'm guessing they might have changed the difficulty since that blog post was written?
Regardless though, I can precompute the PoW for each transaction, so I could preprocess for a month to get a higher tps.
Bitcoin is the only non-physical currency you can hold without counterparty risk. (If you have a bank account with EUR, and that bank freezes your account or shuts down because of bankruptcy, you don't have access to your money.)
A Recall occurs when the Originator Bank requests to cancel a SEPA Credit Transfer. The Recall procedure must be initiated by the Originator Bank within 10 Banking Business Days after execution date of the SCT subject to the Recall.
...
A bank may initiate a Recall procedure for following reasons only:
• Duplicate sending
• Technical problems resulting in erroneous SCT(s)
Fraudulent payments mean things like e.g. a bank itself was hacked.
As an account holder you cannot recall a transfer. It is not possible.
In the past it was sometimes possible to cancel a transfer before it was processed by your bank (so the transfer was not booked yet), but nowadays transfers are processed essentially immediately. Some banks have never permitted this.
instead of immediately sending bitcoin itself you and a network of others basically end up trading signed transactions. when you finally want to settle you send the latest transaction to the network where it is settled on chain.
edit: i should say the final state of the wallets is settled on chain.
Ideally we just have something that can handle fast transaction volume without wasting a lot of electricity. Hedera Hashgraph looks like it might be able to do that. It's still very early, but lightning networks aren't the solution.
Keep in mind Hashgraph and Blockchain are very different, in that Hedera is a permissioned network with public access (each round has a known number of nodes that must participate to exit the round).
Because Hashgraph is BFT, a round is a round of voting for confirmation. It's done virtually but you have to have 2/3rds of nodes agree on the state to close a round and have a confirmed state. To have 2/3rds you have to have a fixed and known number of nodes in the round. See BFT for more information.
The point I was trying to make, is that they are very different in benefits and limitations.
Bitcoin's electricity use isn't due to transaction volume, it's due to mining. A 1kb block takes about the same amount of energy to produce as a 1MB block.
Yes, it does. However, the amount of electricity used isn't directly correlated with the number of transactions on the network. It instead follows the number of miners validating those transactions. An empty block validating no transactions takes more or less the same amount of work as a full block to mine. That was GP's point, I think.
That being said, having a lot of transactions going around is probably correlated with Bitcoin getting more popular, which is again probably correlated with more miners coming in, which would indeed lead to higher energy consumption. That's an indirect effect, however.
LN has so many drawbacks. Have to always be online, need to hold hot wallets, need liquidity provided at both ends (kyc/aml)...