際際滷

際際滷Share a Scribd company logo

Cryptomania! The Byzantine Generals Leave Their Garden

D
Dallas Kennedy

May 2019 Last part of a survey of distributed consensus, proof of work versus proof of stake, the Byzantine Generals Problem, and steps beyond block chains towards more comprehensive network solutions

1 of 28
1
Internet: immune system The missing key: an identity construct Of late, another urgent consideration: preserving and extending the originally distributed character of the Internet, under increasing threat from giant, concentrated platforms Tying it all together: achieving consensus on an open, permissionless network, where not every actor is necessarily honest or benevolent Problem of validating, aggregating, and representing distributed knowledge or consensus Proof of Work is BTCs contribution to secure distributed consensus. Large computational effort and slow time (one block ~ 10 minutes) provides such a high hurdle to jump over that its practically not worth it to attempt to spoof the BTC blockchain with fake or reordered transactions. After a few more blocks are added, would take 100s or 1000s yrs to recompute the whole thing to alter it; cant be timely. Intensive electric power sink, high fees, bottleneck by design. Peer-to-peer means, no single or small number of central servers. Everyones a node. Some history: packet switching, distributed networks 1960s Public key encryption1970s Hardware BFT systems (analog, limited) 1980s 2
Irreversible timestamps 1990s Major applications: Records: Origination, change, authorization Contracts: Origination, authorization, changes, conditional execution Monetary transactions: Authorization, ordering, validation Voting: Authentication, validation, aggregation 2
Ethereum Classic (ETC) hack: 51% attack. Briefly, one miner got control of about 60% of the mining power on the ETC pool and was able to rewrite the block chain. Inherent vulnerability with statistical consensus. Need to add new blocks to blockchain fast enough to prevent one miner from rewriting block at the tip of the chain. Essential to maintain distributed character of network, with an adequate number of agents to prevent > 50% control by one. Most smaller cryptocurrencies with fewer miners and smaller total supply are definitely vulnerable. Unlikely that ETH or BTC are vulnerable, but you never know. Not a matter of computing power per se, but of fraction of control of mining. Basic problem with POW. QuadrigaCX story from Canada more lurid. Founder Gerald Cotton apparently died, as the only person knowing all the password, in an Indian hospital or did he? Much of the money deposited with the exchange by investors was in accounts now discovered to be empty. Did he fake his death? Blockchain voting. Will require a large hashrate and large pool of miners to protect against hacking. Plus the surrounding infrastructure is never as secure. Needs careful consideration, testing, and piloting before can be trusted. 3
Chinese cell phone maker HTC now out with two phone models with blockchain technology, built-in wallet clients. BREAKING: Facebook trying to develop its own cryptocurrency and turn Facebook and related into crypto application platforms 3
4
5
Network-effect economics paradigm: Diminishing returns, rising marginal costs Positive curvature to C(Q): d^2C/dQ^2 > 0 and dC/dQ rising function of Q Or: Bitcoin is really just a fabulous way to consume vast amounts of electricity. 6
Classical school of economics: Smith, Ricardo, Malthus, Marx, Mill. A world of diminishing returns, like extractive activities (mining, fishing, hunting, farming). Rising marginal cost = cost of last unit produced = dC/dQ, where C(Q) = total cost of producing quantity Q. Curvature d^2C/dQ^2 > 0. Late 19th century: technology changed this. Modern network industries: railroads; electric, water, gas, telephone utilities; distribution of oil. Certain forms of mass production. Economies of scale, sometimes very strong. Supply curve = marginal cost curve falls with Q, instead of rising. Falling marginal cost = dC/dQ declines. Curvature d^2C/dQ^2 < 0. Tendency for most producers to be uneconomic, especially if large fixed costs. No stable equilibrium until one actor or a few actors grow very large. Result: One or a few surviving economically viable producers. Modern theory of monopoly and oligopoly: Cournot, Bertrand, Edgeworth, Pareto, Schumpeter, Robinson. Solutions: Allow monopoly, but regulate. Anti-monopoly action to break up monopolies and not allow consolidation. Both approaches used, with varying success. 7
9
PoW by design is slow and inefficient. A lot of wasted calculation trying to solve inverse hash problem. Keeps pruning virtual candidate blocks and chooses one as the new valid block in the end. Success gradually becomes dominated less by luck than by concentrated mining power -> source of monopolistic tendency. Bad feature for system trying to be distributed. PoS weight of probability assigned randomly, but weighted by stake of each node. Fixed or slowly growing supply of cryptocurrency, more like blackjack or poker, or some other game mainly controlled by luck. Doesnt produce anything permanent, unlike PoW. Repeated re- distribution of fixed or quasi-fixed currency supply; natural limit on concentrated ownership of all coins. Conventional PoS also uses linear topology, which still poses a bottleneck. Chooses one new block in the end. But eliminates waste of PoW mining. 10
Closed or partially closed system. Limited supply of cryptocoins slowly released on a schedule. Everyone playing with the same limited pool of coins. Natural limit to how much one actor can accumulate. With proxy staking, even coin holders who do not participate in a given round of consensus seeking can still make money off of lending their coins for that round. Not much skill involved. More like blackjack than poker. Classical economics paradigm: Diminishing returns, rising marginal costs. Positive C(Q) curvature: d^2C/dQ^2 > 0 and dC/dQ rising function of Q. 11
A return to the classical world, the world of diminishing returns and natural limits on the scale of each actor. Rising marginal cost = cost of last unit produced = dC/dQ, where C(Q) = total cost of producing quantity Q. Curvature d^2C/dQ^2 > 0. With some additional assumptions, can prove: at least one stable competitive equilibrium, la Adam Smiths invisible hand. 12
The 51% attack threat will probably doom many of the small cryptocurrencies. They just dont have the hash rate to keep ahead of one miner taking > 50% of the mining power and rewriting history, as it were. 13
Preserve distributed character of many actors (forgers instead of miners, viable economics that tends to prevent concentration) Leave behind statistically formed consensus that requires ever more mining and blocks to add to make earlier blocks hard to change. Unfortunate in the case of BTC that consensus problem was first solved in this context. BTC was built from the beginning as a difficult system no leadership or central server, no network state, large burden on each miner, favoring only the largest miners. Born and grew up in the shadow of the Great Financial Crisis of 2008 and growing mistrust of commercial and central banks. Better, comprehensive solutions possible and practical. General implementation of distributed consensus that is much faster, more secure, much more flexible, one that supports general applications, not just the narrow case of BTC, which is anonymous, permissionless, peer-to-peer with no state and no rigorous proof of irrevocability. Private: existence known, but activities closed to non-users. Permissioned = existence and 14
identity of users known. BTC permissionless. Want a system, like PoS, not subject to economies of scale and tendency toward a few miners increases chance of 1/3 rule being violated or a 51% malicious attack. --- DAG: directed acyclic graph * Directed: has direction or orientation from "earlier" to "later" in the graph. * Acyclic: partially or completely open, topological * Graph: nodes connected by edges A directed acyclic graph (DAG) is a finite directed graph with no directed cycles. That is, it consists of finitely many nodes and edges, with each edge directed from one node to another, such that there is no way to start at any node N and follow a consistently-directed sequence of edges that eventually loops back to N again. Equivalently, a DAG is a directed graph that has a topological ordering, a sequence of the nodes such that every edge is directed from earlier to later in the sequence. DAGs can model many different kinds of information: * A spreadsheet can be modeled as a DAG, with a node for each cell and an edge whenever the formula in one cell uses the value from another; a topological ordering of this DAG can be used to update all cell values when the spreadsheet is changed. * Similarly, topological orderings of DAGs can be used to order the compilation operations in a makefile. * The program evaluation and review technique uses DAGs to model the milestones and activities of large human projects, and schedule these projects to use as little total time as possible. * Combinational logic blocks in electronic circuit design, and the operations in dataflow programming languages, involve acyclic networks of processing elements. * DAGs can also represent collections of events and their influence on each other, either in a probabilistic structure such as a Bayesian network or as a record of historical data such as family trees or the version histories of distributed revision control systems. * DAGs can also be used as a compact representation of sequence data, such as the directed acyclic word graph representation of a collection of strings, or the binary decision diagram representation of sequences of binary choices. More abstractly, the reachability relation in a DAG forms a partial order, and any finite partial order may be represented by a DAG using reachability. 14
Clockwise from left: Directed acyclic graph Cyclic graph Acyclic graph 15
Alice uses Bobs public key to send him an encrypted message, which only Bob can decrypt using his private key. Public keys are generated from a private key. If Bob merely wishes to verify that Alice is the sender of the message, then instead she signs the data using her private key, and Bob verifies the signature using Alices public key to decrypt the message. Can Alice send a message encrypted with her private key that is decryptable using her public key? Anyone can decrypt it, but the fact that it was encrypted using Alices private key means Alice must have sent it. This is used, not to hide the content of the message, but to authenticate the source of the message. Obviously, any message that you do want to hide must be encrypted with the private key. (All of this assumes that Alices private key is in Alices possession, and only in Alices possession.) 16
The Byzantine generals are ready to attack a castle. They can communicate by couriers and have option of unambiguously signing their communications. One may be a traitor. Byzantine generals! Albanian generals! Maybe we pick on the Balkans too much. Deterministic means: always true rigorously, no matter how small N is, if assumptions hold. Statistical means: for large N and given enough multiple confirmations, probability of false consensus tends to zero as N . 17
DLT = distributed ledger technology 18
19
To make for a real transactional system, need volume and speed -- not 3 or 4, or 10 per second, but 10K or 100K per second. Must abandon chain topology. Make forking a virtue, not a problem. Preserve fairness of ordering. Produce tamper-proof distributed ledger with as much flexibility in behavior as possible. Many quirks in BTC result of particular choices of Nakamoto, both nature of network and algorithm and protocol, and monetary rules. To distribute metadata reliably across network, need robust, asynchronous protocol: Gossip (infectious disease model). Key: Gossip about gossip. The nodes know. (0th) All the nodes know that the nodes know. (1st) All the nodes know that all the nodes know that the nodes know. (2nd) 20
Hashgraph inventor: Leemon Baird. Swirlds and Hedera cofounders: Leemon Baird and Mance Harmon. Trust layer of the Internet Cloud without servers (peer-to-peer). This is the candidate Immune System. www.swirlds.com www.hederahashgraph.com. Some close competitors: Stellar (Lumens), Iota, Holochain Hedera decisively leaves behind the PoW and semi-anarchic era of BTC behind. Roots are in public networks and network security research, not Dark Web or cryptocurrency. Roots go back to late 1960s, not shaped by desire for anonymous web presence or the Great Financial Crisis. Not amateur or DYI. This is for professional, for real. Code model: transparent but not open source. Rather, open review. Testing: credit unions, some banks. Mostly permissioned so far. Underway with permissionless (open/anonymous). Declining anonymity: Who is Satoshi Nakamoto? But Ethereum is Vitaly Buterin, and every other cryptocoin system is put out there by known personalities. World not mainly 21
interested in secrecy or anonymity. What it is the focus of worry is achieving robust distributed consensus. Supports anonymous (limited in financial authorizations) and named (through private-public key pairs bound to hash of verified identity) Permissionless (like BTC) open network and permissioned (controlled and identified access). Fully tested in permissioned case. Permissionless (open network)) is the big unknown. Forking not only allowed but built-in feature. Possibly to branch a fork of Hedera by inheritance of signed state at time of branch. Breaking of topology (by a firewall, say) also not a problem. Its detected, and broken-off branch ceases to have any relationship to Hedera unless it rejoins with a signed state. daBFT = deterministic (mathematically certain if conditions are met) / asynchronous (by virtue of Gossip protocol) / Byzantine fault tolerant (1/3 rule) Layer 0. Internet (TCP/IP). Uses IP addresses and ports, not symbolic names > Immune to DNS attacks. Layer 1. TLS cryptographic security meets highest US government standard (Transport Layer Security). Layer 2. Hashgraph consensus system Layer 3. Cryptocurrency Filesystem/database Applications/Smart Contracts (Solidity) Sharding = partitioning by rows. Shards retain their own consensus states, so that network as a whole remains in verified consensus. Applications include: smart contracts, records, online games, file sharing, file space and other hardware and software rental, etc. 21
End of World War II (1945) Distributed networks and origins of the Internet 1960s..1980s Public key encryption and the Byzantine Generals Problem 1970s..1980s First experiments with digital money 1980s..2000s Cryptoanarchy/Dark Web 1990s..2000s Internet 2.0/social media/rise of large and vulnerable concentrated platforms, threat of anonymous and malicious actors, crisis of (lack of) identity 2000s..2010s . Origins of Internet fears of partial destruction of networks of civilization and government. How to function and start reconstruction? Byzantine Generals Problem already implicit. Release of Cold War-era research and technology into civilian markets in 1970s, 1980s, and 1990s, including PGP, Dark Web, and more. Convergence at Great Financial Crisis 2007-9, motivated public, anonymous digital currency Bitcoin (BTC) with blockchain, public ledger, and Proof of Work as major innovations. Cryptonomicon and other science fiction of that era also reflect this thinking. Now diverging blockchain will remain in some form, with PoS more prominent and need for metadata and network governance central properly implemented, powerful solution and alternative to vulnerable centralized networks Legacy and specialized crypto platforms will remain: BTC (currency) and ETH (application platform), money transfer (XRP 22
= Ripple, XLM = Stellar Lumens) with different ways of establishing trust on a network and varying speeds. 22
https://www.microsoft.com/en-us/research/publication/reaching-agreement-presence- faults/ https://www.microsoft.com/en-us/research/publication/byzantine-generals-problem/ https://www.microsoft.com/en-us/research/publication/weak-byzantine-generals- problem/ https://tools.ietf.org/html/rfc4998 More technical: Mastering Blockchain: Distributed ledger technology, decentralization, and smart contracts explained, 2nd Edition. I. Bashir, Packt Publishing, 2018 (e-book). Font and origin of all modern social aggregation and coordination discussion: F. A. Hayek, The Use of Knowledge in Society, Am. Econ. Rev. 35(4), September 1945 23
N of N beats N of 1 or 1 of N. 24

More Related Content

Cryptomania! The Byzantine Generals Leave Their Garden

  • 1. 1
  • 2. Internet: immune system The missing key: an identity construct Of late, another urgent consideration: preserving and extending the originally distributed character of the Internet, under increasing threat from giant, concentrated platforms Tying it all together: achieving consensus on an open, permissionless network, where not every actor is necessarily honest or benevolent Problem of validating, aggregating, and representing distributed knowledge or consensus Proof of Work is BTCs contribution to secure distributed consensus. Large computational effort and slow time (one block ~ 10 minutes) provides such a high hurdle to jump over that its practically not worth it to attempt to spoof the BTC blockchain with fake or reordered transactions. After a few more blocks are added, would take 100s or 1000s yrs to recompute the whole thing to alter it; cant be timely. Intensive electric power sink, high fees, bottleneck by design. Peer-to-peer means, no single or small number of central servers. Everyones a node. Some history: packet switching, distributed networks 1960s Public key encryption1970s Hardware BFT systems (analog, limited) 1980s 2
  • 3. Irreversible timestamps 1990s Major applications: Records: Origination, change, authorization Contracts: Origination, authorization, changes, conditional execution Monetary transactions: Authorization, ordering, validation Voting: Authentication, validation, aggregation 2
  • 4. Ethereum Classic (ETC) hack: 51% attack. Briefly, one miner got control of about 60% of the mining power on the ETC pool and was able to rewrite the block chain. Inherent vulnerability with statistical consensus. Need to add new blocks to blockchain fast enough to prevent one miner from rewriting block at the tip of the chain. Essential to maintain distributed character of network, with an adequate number of agents to prevent > 50% control by one. Most smaller cryptocurrencies with fewer miners and smaller total supply are definitely vulnerable. Unlikely that ETH or BTC are vulnerable, but you never know. Not a matter of computing power per se, but of fraction of control of mining. Basic problem with POW. QuadrigaCX story from Canada more lurid. Founder Gerald Cotton apparently died, as the only person knowing all the password, in an Indian hospital or did he? Much of the money deposited with the exchange by investors was in accounts now discovered to be empty. Did he fake his death? Blockchain voting. Will require a large hashrate and large pool of miners to protect against hacking. Plus the surrounding infrastructure is never as secure. Needs careful consideration, testing, and piloting before can be trusted. 3
  • 5. Chinese cell phone maker HTC now out with two phone models with blockchain technology, built-in wallet clients. BREAKING: Facebook trying to develop its own cryptocurrency and turn Facebook and related into crypto application platforms 3
  • 6. 4
  • 7. 5
  • 8. Network-effect economics paradigm: Diminishing returns, rising marginal costs Positive curvature to C(Q): d^2C/dQ^2 > 0 and dC/dQ rising function of Q Or: Bitcoin is really just a fabulous way to consume vast amounts of electricity. 6
  • 9. Classical school of economics: Smith, Ricardo, Malthus, Marx, Mill. A world of diminishing returns, like extractive activities (mining, fishing, hunting, farming). Rising marginal cost = cost of last unit produced = dC/dQ, where C(Q) = total cost of producing quantity Q. Curvature d^2C/dQ^2 > 0. Late 19th century: technology changed this. Modern network industries: railroads; electric, water, gas, telephone utilities; distribution of oil. Certain forms of mass production. Economies of scale, sometimes very strong. Supply curve = marginal cost curve falls with Q, instead of rising. Falling marginal cost = dC/dQ declines. Curvature d^2C/dQ^2 < 0. Tendency for most producers to be uneconomic, especially if large fixed costs. No stable equilibrium until one actor or a few actors grow very large. Result: One or a few surviving economically viable producers. Modern theory of monopoly and oligopoly: Cournot, Bertrand, Edgeworth, Pareto, Schumpeter, Robinson. Solutions: Allow monopoly, but regulate. Anti-monopoly action to break up monopolies and not allow consolidation. Both approaches used, with varying success. 7
  • 10. 9
  • 11. PoW by design is slow and inefficient. A lot of wasted calculation trying to solve inverse hash problem. Keeps pruning virtual candidate blocks and chooses one as the new valid block in the end. Success gradually becomes dominated less by luck than by concentrated mining power -> source of monopolistic tendency. Bad feature for system trying to be distributed. PoS weight of probability assigned randomly, but weighted by stake of each node. Fixed or slowly growing supply of cryptocurrency, more like blackjack or poker, or some other game mainly controlled by luck. Doesnt produce anything permanent, unlike PoW. Repeated re- distribution of fixed or quasi-fixed currency supply; natural limit on concentrated ownership of all coins. Conventional PoS also uses linear topology, which still poses a bottleneck. Chooses one new block in the end. But eliminates waste of PoW mining. 10
  • 12. Closed or partially closed system. Limited supply of cryptocoins slowly released on a schedule. Everyone playing with the same limited pool of coins. Natural limit to how much one actor can accumulate. With proxy staking, even coin holders who do not participate in a given round of consensus seeking can still make money off of lending their coins for that round. Not much skill involved. More like blackjack than poker. Classical economics paradigm: Diminishing returns, rising marginal costs. Positive C(Q) curvature: d^2C/dQ^2 > 0 and dC/dQ rising function of Q. 11
  • 13. A return to the classical world, the world of diminishing returns and natural limits on the scale of each actor. Rising marginal cost = cost of last unit produced = dC/dQ, where C(Q) = total cost of producing quantity Q. Curvature d^2C/dQ^2 > 0. With some additional assumptions, can prove: at least one stable competitive equilibrium, la Adam Smiths invisible hand. 12
  • 14. The 51% attack threat will probably doom many of the small cryptocurrencies. They just dont have the hash rate to keep ahead of one miner taking > 50% of the mining power and rewriting history, as it were. 13
  • 15. Preserve distributed character of many actors (forgers instead of miners, viable economics that tends to prevent concentration) Leave behind statistically formed consensus that requires ever more mining and blocks to add to make earlier blocks hard to change. Unfortunate in the case of BTC that consensus problem was first solved in this context. BTC was built from the beginning as a difficult system no leadership or central server, no network state, large burden on each miner, favoring only the largest miners. Born and grew up in the shadow of the Great Financial Crisis of 2008 and growing mistrust of commercial and central banks. Better, comprehensive solutions possible and practical. General implementation of distributed consensus that is much faster, more secure, much more flexible, one that supports general applications, not just the narrow case of BTC, which is anonymous, permissionless, peer-to-peer with no state and no rigorous proof of irrevocability. Private: existence known, but activities closed to non-users. Permissioned = existence and 14
  • 16. identity of users known. BTC permissionless. Want a system, like PoS, not subject to economies of scale and tendency toward a few miners increases chance of 1/3 rule being violated or a 51% malicious attack. --- DAG: directed acyclic graph * Directed: has direction or orientation from "earlier" to "later" in the graph. * Acyclic: partially or completely open, topological * Graph: nodes connected by edges A directed acyclic graph (DAG) is a finite directed graph with no directed cycles. That is, it consists of finitely many nodes and edges, with each edge directed from one node to another, such that there is no way to start at any node N and follow a consistently-directed sequence of edges that eventually loops back to N again. Equivalently, a DAG is a directed graph that has a topological ordering, a sequence of the nodes such that every edge is directed from earlier to later in the sequence. DAGs can model many different kinds of information: * A spreadsheet can be modeled as a DAG, with a node for each cell and an edge whenever the formula in one cell uses the value from another; a topological ordering of this DAG can be used to update all cell values when the spreadsheet is changed. * Similarly, topological orderings of DAGs can be used to order the compilation operations in a makefile. * The program evaluation and review technique uses DAGs to model the milestones and activities of large human projects, and schedule these projects to use as little total time as possible. * Combinational logic blocks in electronic circuit design, and the operations in dataflow programming languages, involve acyclic networks of processing elements. * DAGs can also represent collections of events and their influence on each other, either in a probabilistic structure such as a Bayesian network or as a record of historical data such as family trees or the version histories of distributed revision control systems. * DAGs can also be used as a compact representation of sequence data, such as the directed acyclic word graph representation of a collection of strings, or the binary decision diagram representation of sequences of binary choices. More abstractly, the reachability relation in a DAG forms a partial order, and any finite partial order may be represented by a DAG using reachability. 14
  • 17. Clockwise from left: Directed acyclic graph Cyclic graph Acyclic graph 15
  • 18. Alice uses Bobs public key to send him an encrypted message, which only Bob can decrypt using his private key. Public keys are generated from a private key. If Bob merely wishes to verify that Alice is the sender of the message, then instead she signs the data using her private key, and Bob verifies the signature using Alices public key to decrypt the message. Can Alice send a message encrypted with her private key that is decryptable using her public key? Anyone can decrypt it, but the fact that it was encrypted using Alices private key means Alice must have sent it. This is used, not to hide the content of the message, but to authenticate the source of the message. Obviously, any message that you do want to hide must be encrypted with the private key. (All of this assumes that Alices private key is in Alices possession, and only in Alices possession.) 16
  • 19. The Byzantine generals are ready to attack a castle. They can communicate by couriers and have option of unambiguously signing their communications. One may be a traitor. Byzantine generals! Albanian generals! Maybe we pick on the Balkans too much. Deterministic means: always true rigorously, no matter how small N is, if assumptions hold. Statistical means: for large N and given enough multiple confirmations, probability of false consensus tends to zero as N . 17
  • 20. DLT = distributed ledger technology 18
  • 21. 19
  • 22. To make for a real transactional system, need volume and speed -- not 3 or 4, or 10 per second, but 10K or 100K per second. Must abandon chain topology. Make forking a virtue, not a problem. Preserve fairness of ordering. Produce tamper-proof distributed ledger with as much flexibility in behavior as possible. Many quirks in BTC result of particular choices of Nakamoto, both nature of network and algorithm and protocol, and monetary rules. To distribute metadata reliably across network, need robust, asynchronous protocol: Gossip (infectious disease model). Key: Gossip about gossip. The nodes know. (0th) All the nodes know that the nodes know. (1st) All the nodes know that all the nodes know that the nodes know. (2nd) 20
  • 23. Hashgraph inventor: Leemon Baird. Swirlds and Hedera cofounders: Leemon Baird and Mance Harmon. Trust layer of the Internet Cloud without servers (peer-to-peer). This is the candidate Immune System. www.swirlds.com www.hederahashgraph.com. Some close competitors: Stellar (Lumens), Iota, Holochain Hedera decisively leaves behind the PoW and semi-anarchic era of BTC behind. Roots are in public networks and network security research, not Dark Web or cryptocurrency. Roots go back to late 1960s, not shaped by desire for anonymous web presence or the Great Financial Crisis. Not amateur or DYI. This is for professional, for real. Code model: transparent but not open source. Rather, open review. Testing: credit unions, some banks. Mostly permissioned so far. Underway with permissionless (open/anonymous). Declining anonymity: Who is Satoshi Nakamoto? But Ethereum is Vitaly Buterin, and every other cryptocoin system is put out there by known personalities. World not mainly 21
  • 24. interested in secrecy or anonymity. What it is the focus of worry is achieving robust distributed consensus. Supports anonymous (limited in financial authorizations) and named (through private-public key pairs bound to hash of verified identity) Permissionless (like BTC) open network and permissioned (controlled and identified access). Fully tested in permissioned case. Permissionless (open network)) is the big unknown. Forking not only allowed but built-in feature. Possibly to branch a fork of Hedera by inheritance of signed state at time of branch. Breaking of topology (by a firewall, say) also not a problem. Its detected, and broken-off branch ceases to have any relationship to Hedera unless it rejoins with a signed state. daBFT = deterministic (mathematically certain if conditions are met) / asynchronous (by virtue of Gossip protocol) / Byzantine fault tolerant (1/3 rule) Layer 0. Internet (TCP/IP). Uses IP addresses and ports, not symbolic names > Immune to DNS attacks. Layer 1. TLS cryptographic security meets highest US government standard (Transport Layer Security). Layer 2. Hashgraph consensus system Layer 3. Cryptocurrency Filesystem/database Applications/Smart Contracts (Solidity) Sharding = partitioning by rows. Shards retain their own consensus states, so that network as a whole remains in verified consensus. Applications include: smart contracts, records, online games, file sharing, file space and other hardware and software rental, etc. 21
  • 25. End of World War II (1945) Distributed networks and origins of the Internet 1960s..1980s Public key encryption and the Byzantine Generals Problem 1970s..1980s First experiments with digital money 1980s..2000s Cryptoanarchy/Dark Web 1990s..2000s Internet 2.0/social media/rise of large and vulnerable concentrated platforms, threat of anonymous and malicious actors, crisis of (lack of) identity 2000s..2010s . Origins of Internet fears of partial destruction of networks of civilization and government. How to function and start reconstruction? Byzantine Generals Problem already implicit. Release of Cold War-era research and technology into civilian markets in 1970s, 1980s, and 1990s, including PGP, Dark Web, and more. Convergence at Great Financial Crisis 2007-9, motivated public, anonymous digital currency Bitcoin (BTC) with blockchain, public ledger, and Proof of Work as major innovations. Cryptonomicon and other science fiction of that era also reflect this thinking. Now diverging blockchain will remain in some form, with PoS more prominent and need for metadata and network governance central properly implemented, powerful solution and alternative to vulnerable centralized networks Legacy and specialized crypto platforms will remain: BTC (currency) and ETH (application platform), money transfer (XRP 22
  • 26. = Ripple, XLM = Stellar Lumens) with different ways of establishing trust on a network and varying speeds. 22
  • 27. https://www.microsoft.com/en-us/research/publication/reaching-agreement-presence- faults/ https://www.microsoft.com/en-us/research/publication/byzantine-generals-problem/ https://www.microsoft.com/en-us/research/publication/weak-byzantine-generals- problem/ https://tools.ietf.org/html/rfc4998 More technical: Mastering Blockchain: Distributed ledger technology, decentralization, and smart contracts explained, 2nd Edition. I. Bashir, Packt Publishing, 2018 (e-book). Font and origin of all modern social aggregation and coordination discussion: F. A. Hayek, The Use of Knowledge in Society, Am. Econ. Rev. 35(4), September 1945 23
  • 28. N of N beats N of 1 or 1 of N. 24