Some weaknesses in either the DPOS algorithm or its explanation

in #cryptocurrency7 years ago

I'm pretty horrified at the BitCoin Proof-of-Work algorithm (POW), in that I feel that it is enormously wasteful of computing resources - which translates to electrical power. I really prefer the idea of the Delegated Proof of Stake algorithm (DPOS). However, I think there are a few weaknesses in there that really should be fleshed out. And if they have - that's great - hopefully someone can put some of those explanations to paper! But if they haven't, I really do think they need to be.

The two articles I'm looking at are the Bitshares Paper, and the "Missing White Paper". My Cryptocurrency sparring partner @lukestokes recommended the latter.

Ultimately, my concerns are:

  1. What happens if all of the block producers collude (or a sufficiently large fraction to control production does)?
  2. What hidden 'centralizations' are happening that could make it so that one entity an control who ends up producing blocks?

I don't think that these two problems are even necessarily unsolvable, and I'm not even sure that they are even unsolved. I just don't see treatment of them in the papers, and I think answering these two questions is really important.

On my first reading of the BitShares paper, as I'm reading various sections, I keep asking "By who? How?" And I shouldn't have to be asking those questions. Examples:

The top N witnesses by total approval are selected.

By who? How? How do we ensure that they really are? What happens if people (nodes) disagree about who those top N are?

The witnesses are then shuffled, and ....

By who? How? How can we have a deterministic order when we 'shuffle', if every node is doing a shuffle? Unless 'shuffle' is defined some other way...(hash function based on time, maybe?)? Note: the "Missing White Paper" has a paragraph that explains this in a way that satisfies me.

There are other cases, some of which I think I already have answers for, but that critical eye when reading that first paper is important.

Next, the "Missing White Paper" -

This one completely skips the part I'm most concerned about - voting, verification, and voting-out bad actors. It goes mostly into why particular forks will be treated particular ways, and I still think I see lots of hand-waving.

I was going to start to point out that the various minority scenarios have weaknesses in them, but upon reflection I don't think it's necessary. I'll just concede that if you're a Bad Guy in the Minority, you're going to keep being outvoted by the Good Guys. That's fine, and good, and how it should work. I think that rather than going over these scenarios, we should explain more how the 'good guys' would decide to ignore your blocks. What if you are a minority producer, and you use a bunch of 'shadow nodes' - which aren't elected witnesses - to produce blocks? What if you cheat and produce blocks too fast? What if you lie on the timestamps? What if you create an entire false history back in the past, and try to integrate that? Would the longest chain still win? Would every witness, or non-Witness 'observer' of the chain have to try and confirm every single transaction back into the beginning of history?

The real part that is most important to me is "Corruption of Majority of Producers". And I think that ought to be the lede, here. What's really important is that non-Witness 'observers' are constantly looking at the blockchain, looking at the behavior of each elected Witness, and then either "calling out" bad behavior (pointing out inconsistencies on the blockchain), and also, of course, changing their votes. I'll talk more about this later, and I think this is the majority of my point.

In "Transactions as Proof of Stake (TaPoS)" -

A side effect of this process is security against long-range attacks that attempt to generate alternative chains. Individual stakeholders directly confirm the blockchain every time they transact. Over time all blocks are confirmed by all stakeholders and this is something that cannot be replicated in a forged chain.

This sounds like this could be turned around, and could be used to falsify a forged chain - just throw a bunch of transactions against blocks in it. One might even be able to do this with less than 51% of the network - just have your corrupt Witness as well as a bunch of shadow nodes creating pseudotransactions on your forged chain, and suddenly your chain might seem like the good one.

"Deterministic Producer Shuffling" - this addresses my concern about the 'Shuffle' above.

My Concerns, and the three parts I care about most

'Observers'

I think the most important feature here in DPOS is not focused on enough. While there may be 'N' active, elected Witnesses at any one time, there also needs to be a far larger number of what I'm calling 'Observers' (and, who knows, this might already be handled). Observers need to be constantly looking at the entire blockchain, as well as forks. They need to be looking for transactions that have been censored, people trying to somehow 'magic in' new currency, people trying to alter history with bad forks - and they need to yell about it. If they see something bad in the blockchain - and the blockchain is public - they can point to particular addresses, and point to particular Witnesses and be able to say "Hey! Everybody! This witness is totally screwing with things here! Vote them OUT!" Anyone would be able to look at the exact same blockchain data and make a decision for themselves. Bad-behavior Observers (trying to collude with forgers, or censor out transactions) would have to be associated with a negative reputation. Many observers would have to exist in order to handle this. I'm OK with not building in some kind of kooky reputation system for this, as I feel it would be game-able. I'm fine with just using regular, good old-fashioned web pages (Steemit pages would probably be fine, I suppose?) and good old human language to police this.

Voting

<sarcasm>Luckily, every time there is a voting event, there is always perfect agreement about the results </sarcasm>

This is really crucial, and is completely skipped in both papers. How do I know my vote has been counted? How can we all agree on who really should be the top Witnesses? What happens if different people disagree on the tallies? Where is the vote stored? How do we prevent double-voting? How do we prevent sock-puppet voting? And I could go on, and on, and on. What's to prevent a corrupt witness from bribing people - "Hey, vote for me and you'll get $x SBD every y hours!"

And the only answer I think I know is that the voting probably happens on the Blockchain somewhere? That's the only thing that would make any sense to me. Having it in some centralized data store is just....completely insane. It can't be implemented that way. I'm not even going to bother talking about the weaknesses of that scenario because they are so blatant and obvious. But the rest of my questions - I don't know the answers. And I think we need to know those answers, don't we?

Hidden Centralization

steemit://uberbrady/blog_post_slug - and then be able to have various different applications (or web applications) be able to parse that into a web page.This is, perhaps, a problem more with Steemit than the DPOS algorithm itself. But if the primary way that everyone interacts with the Blockchain is through a centralized app - then...how do we know that that app isn't corrupted or compromised? And having one 'primary' or 'reference' implementation for a "Blockchain displayer app" - that effectively is a pretty centralized solution. I would hope there would be a couple of other implementations of applications that can view blog posts, comments, etc. Then, at least, we could start to look at differences between the two. Of course, there's definitely some weird business that could happen when my exact blog post is on http://steemit.com/@uberbrady as well as http://otherblockchaindisplayer.blorg/still_uberbrady. That's more about the 'canonical reference location of content' rather than anything else, and I guess the way I would try and think about that is a custom URI protocol -

Conclusion

I still think there is absolutely a lot to like about DPOS. I think that POW has a huge advantage over it in terms of simplicity and less enforced trust; when everyone is actively competing, it really does help level the playing field. But I really do like the substantially smaller amount of waste inherent in DPOS. But I think I would feel better if there were less centralization, better documentation about voting, and a more formalized definition of the 'observer' role.

Sort:  
Loading...

I'm putting this in as a comment because I don't want to change my article after people have already read it.

There's a fourth problem and I don't know how to handle this one, either.

So let's say we have a witness who has been nothing but stellar and perfect reputation. Either the witness becomes a bad person, was already a bad person - or maybe just got hacked. Suddenly, a bad transaction is introduced. A huuuuge bad transaction, like, a million dollars worth.

How is that ever reversed? I mean, fair enough, we can now 'vote the jerk out' - but that million dollar transaction is part of the blockchain now (or a million-dollar transaction has been censored out). Somebody may have just gotten shafted pretty hard, there. What happens next?

Answering again: The next witness in that round will immediately reject the block and make witness one miss a block. After 24 hours of missed blocks that witness is automatically disabled. And we have alerts for missing blocks and will by then already have multiple witnesses screaming that that witness is hacked.

(answering all this as a steem witness, bts is similar but can have subtle differences)

These are great answers, @reggaemuffin. Anywhere you know of where I can read this level of in-depth protocol nerdery? Or would I have to go trudging through the source?

Most of my knowledge is from using steem, from being a witness, from developing apps for the Blockchain and from other apps that visualize some of it. The actual steem source is something I did not yet have the time to go through.

If you have any questions, ask me and I can try to answer them and/or point you to good resources where you can read about them.

(if you like what I do and feel I am beneficial to the Blockchain, vote me as a witness 😉)

Done!!!

Thank you for your support :)