diff --git a/docs/blockdag_consensus.md b/docs/blockdag_consensus.md index 2f19616..a4fa579 100644 --- a/docs/blockdag_consensus.md +++ b/docs/blockdag_consensus.md @@ -77,11 +77,11 @@ from the same representative sample. For each peer that could be on the network, including those that have been sleeping in a cold wallet for years, each peer keeps a running cumulative -total of that peers stake. With every new block, the peers stake is added to +total of that peers shares. With every new block, the peers shares is added to its total. On each block of the chain, a peer’s rank is the bit position of the highest -bit of the running total that rolled over when its stake was added for that +bit of the running total that rolled over when its shares was added for that block. *edit note* @@ -94,13 +94,13 @@ Which gives the same outcome, that on average and over time, the total weight wi *end edit note* -So if Bob has a third of the stake of Carol, and $N$ is a rank that -corresponds to bit position higher than the stake of either of them, then +So if Bob has a third of the shares of Carol, and $N$ is a rank that +corresponds to bit position higher than the shares of either of them, then Bob gets to be rank $R$ or higher one third as often as Carol. But even if -his stake is very low, he gets to be high rank every now and then. +his he has a very small shareholding, he gets to be high rank every now and then. A small group of the highest ranking peers get to decide on the next block, -and the likelihood of being a high ranking peer depends on stake. +and the likelihood of being a high ranking peer depends on shares. They produce the next block by unanimous agreement and joint signature. The group is small enough that this is likely to succeed, and if they do not, @@ -239,7 +239,7 @@ this, and the system needs to be able to produce a sensible result even if some peers maliciously or through failure do not generate sequential signature sequence numbers. -Which, in the event of a fork, will on average reflect the total stake of +Which, in the event of a fork, will on average reflect the total shares of peers on that fork. If two prongs have the same weight, take the prong with the most transactions. If they have the same weight and the same number of transactions, hash all the public keys of the signatories that formed the @@ -247,7 +247,7 @@ blocks, their ranks, and the block height of the root of the fork and take the prong with the largest hash. This value, the weight of a prong of the fork will, over time for large deep -forks, approximate the stake of the peers online on that prong, without the +forks, approximate the shares of the peers online on that prong, without the painful cost taking a poll of all peers online, and without the considerable risk that that poll will be jammed by hostile parties. @@ -444,7 +444,7 @@ I have become inclined to believe that there is no way around making some peers special, but we need to distribute the specialness fairly and uniformly, so that every peer get his turn being special at a certain block height, with the proportion of block heights at which he is special being -proportional to his stake. +proportional to his shares. If the number of peers that have a special role in forming the next block is very small, and the selection and organization of those peers is not @@ -554,7 +554,7 @@ while blocks that received the other branch first continue to work on that branch, until one branch gets ahead of the other branch, whereupon the leading branch spreads rapidly through the peers. With proof of share, that is not going work, one can lengthen a branch as fast as you please. Instead, -each branch has to be accompanied by evidence of the weight of stake of +each branch has to be accompanied by evidence of the weight of shares of peers on that branch. Which means the winning branch can start spreading immediately. @@ -681,17 +681,17 @@ limit, see: themselves can commit transactions through the peers, if the clients themselves hold the secret keys and do not need to trust the peers. -# Calculating the stake of a peer +# Calculating the shares represented by a peer We intend that peers will hold no valuable or lasting secrets, that all the value and the power will be in client wallets, and the client wallets with most of the value, who should have most of the power, will seldom be online. -I propose proof of share. The stake of a peer is not the stake it owns, but -the stake that it has injected into the blockchain on behalf of its clients -and that its clients have not spent yet, or stake that some client wallet +I propose proof of share. The shares of a peer is not the shares it owns, but +the shares that it has injected into the blockchain on behalf of its clients +and that its clients have not spent yet, or shares that some client wallet somewhere has chosen to be represented by that peer. Likely only the -whales will make a deliberate and conscious decision to have their stake +whales will make a deliberate and conscious decision to have their shares represented by a peer, and it will be a peer that they likely control, or that someone they have some relationship with controls, but not necessarily a peer that they use for transactions. diff --git a/docs/design/proof_of_share.md b/docs/design/proof_of_share.md index 8ffb5b0..644210b 100644 --- a/docs/design/proof_of_share.md +++ b/docs/design/proof_of_share.md @@ -55,7 +55,7 @@ Initial Public Offering (IPO). {target="_blank"} Because current blockchains are proof of work, rather than proof of -stake, they give coin holders no power. Thus an initial coin offering +shares, they give coin holders no power. Thus an initial coin offering (ICO) is not a promise of general authority over the assets of the proposed company, but a promise of future goods or services that will be provided by the company. A proof of share ICO could function as a more @@ -451,12 +451,12 @@ be controlled by private keys known only to client wallets, but most transactions or transaction outputs shall be registered with one specific peer.  The blockchain will record a peer’s uptime, its provision of storage and bandwidth to the blockchain, and the amount of -stake registered with a peer.  To be a peer in good standing, a peer has +shares registered with a peer.  To be a peer in good standing, a peer has to have a certain amount of uptime, supply a certain amount of bandwidth -and storage to the blockchain, and have a certain amount of stake +and storage to the blockchain, and have a certain amount of shares registered to it.  Anything it signed as being in accordance with the rules of the blockchain must have been in accordance with the rules of -the blockchain.  Thus client wallets that control large amounts of stake +the blockchain.  Thus client wallets that control large amounts of shares vote which peers matter, peers vote which peer is primus inter pares, and the primus inter pares settles double spending conflicts and suchlike. @@ -500,7 +500,7 @@ protocol where they share transactions around. During gossip, they also share opinions on the total past of the blockchain. If each peer tries to support past consensus, tries to support the opinion of -what looks like it might be the majority of peers by stake that it sees in +what looks like it might be the majority of peers by shares that it sees in past gossip events, then we get rapid convergence to a single view of the less recent past, though each peer initially has its own view of the very recent past. @@ -688,20 +688,20 @@ network, we need the one third plus one to reliably verify that there is no other one third plus one, by sampling geographically distant and network address distant groups of nodes. -So, we have fifty percent by weight of stake plus one determining policy, +So, we have fifty percent by weight of shares plus one determining policy, and one third of active peers on the network that have been nominated by -fifty percent plus one of weight of stake to give effect to policy +fifty percent plus one of weight of shares to give effect to policy selecting particular blocks, which become official when fifty percent plus one of active peers the network that have been nominated by fifty percent -plus one of weight of stake have acked the outcome selected by one third +plus one of weight of shares have acked the outcome selected by one third plus one of active peers. In the rare case where half the active peers see timeouts from the other half of the active peers, and vice versa, we could get two blocks, each endorsed by one third of the active peers, which case would need to be -resolved by a fifty one percent vote of weight of stake voting for the +resolved by a fifty one percent vote of weight of shares voting for the acceptable outcome that is endorsed by the largest group of active peers, -but the normal outcome is that half the weight of stake receives +but the normal outcome is that half the weight of shares receives notification (the host representing them receives notification) of one final block selected by one third of the active peers on the network, without receiving notification of a different final block. diff --git a/docs/libraries.md b/docs/libraries.md index de7af5b..fdc5539 100644 --- a/docs/libraries.md +++ b/docs/libraries.md @@ -1412,7 +1412,7 @@ transaction affecting the payee factor state. A transaction has no immediate affect. The payer mutable substate changes in a way reflecting the transaction block at the next block boundary. And that change then has effect on product mutable state at a subsequent product state block -boundary, changing the stake possessed by the substate. +boundary, changing the shares possessed by the substate. Which then has effect on the payee mutable substate at its next block boundary when the payee substate links back to the previous diff --git a/docs/manifesto/crypto_currency.md b/docs/manifesto/crypto_currency.md index 3437544..b1f01b2 100644 --- a/docs/manifesto/crypto_currency.md +++ b/docs/manifesto/crypto_currency.md @@ -16,11 +16,19 @@ A hundred or so big peers, who do not trust each other, each manage a copy of th The latest block is signed by peers representing a majority of the shares, which is likely to be considerably less than a hundred or so peers. -Peer share is delegated from clients – probably a small minority of big clients – not all clients will delegate. Delegation makes privacy more complicated and leakier. Delegations will be infrequent – you can delegate the stake held by an offline cold wallet, whose secret lives in pencil on paper in a cardboard file in a safe, but a peer to which the stake was delegated has to have its secret on line. +Peer share is delegated from clients –- probably a small minority of big clients –- +not all clients will delegate. Delegation makes privacy more complicated and leakier. +Delegations will be infrequent –- you can delegate the shares held by an offline cold wallet, +whose secret lives in pencil on paper in a cardboard file in a safe, +but a peer to which the shares were delegated has to have its secret on line. Each peer’s copy of the blockchain is managed, within a rack on the premises of a peer, by a hundred or so shards. The shards trust each other, but that trust does not extend outside the rack, which is probably in a room with a lock on the door and a security camera watching the rack. -Most people transacting on the blockchain are clients of a peer. The blockchain is in the form of a sharded Merkle-patricia tree, hence the clients do not have to trust their host – they can verify any small fact about the blockchain in that they can verify that peers reflecting a majority of stake assert that so and so is true, and each client can verify that the peers have not rewritten the past. +Most people transacting on the blockchain are clients of a peer. The blockchain +is in the form of a sharded Merkle-patricia tree, hence the clients do not +have to trust their host – they can verify any small fact about the blockchain in +that they can verify that peers reflecting a majority of shares assert that +so and so is true, and each client can verify that the peers have not rewritten the past. Scale is achieved through the client peer hierarchy, and, within each peer, by sharding the blockchain. @@ -28,7 +36,7 @@ Clients verify those transactions that concern them, but cannot verify that all In each transaction, each client verifies that the other client is seeing the same history and recent state of the blockchain, and in this sense, the blockchain is a consensus of all clients, albeit that consensus is mediated through a small number of large entities that have a lot of power. -The architecture of power is rather like a corporation, with stake as shares. +The architecture of power is rather like a corporation. In a corporation CEO can do anything, except the board can fire him and choose a new CEO at any time. The shareholders could in theory fire the board at any time, but in practice, if less than happy with the board, have @@ -46,13 +54,25 @@ have tried. Delegated power representing assets, rather than people, results in centralized power that, by and large, mostly, pursues the interests of those assets. Delegated power representing people, not so much. -In bitcoin, power is in the hands of a very small number of very large miners. This is a problem, both in concentration of power, which seems difficult to avoid if making decisions rapidly about very large amounts of data, and in that miner interests differ from stakeholder interests. Miners consume very large amounts of power, so have fixed locations vulnerable to state power. They have generally relocated to places outside the US hegemony, into the Chinese or Russian hegemonies, or the periphery of those hegemonies, but this is not a whole lot of security. +In bitcoin, power is in the hands of a very small number of very large miners. +This is a problem, both in concentration of power, which seems difficult to +avoid if making decisions rapidly about very large amounts of data, +and in that miner interests differ from shareholder interests. Miners +consume very large amounts of power, so have fixed locations vulnerable to state power. +They have generally relocated to places outside the US hegemony, +into the Chinese or Russian hegemonies, or the periphery of those hegemonies, +but this is not a whole lot of security. "Proof of stake" was sold as the whales, rather than the miners, controlling the currency, but as implemented by Ether, this is not what happened, rather a secretive cabal controls the currency, so the phrase is damaged. It is used to refer to a very wicked system. So I will use the term "Proof of Share" to mean the whales actually controlling the currency. -Proof of share has the advantage that stake is ultimately knowledge of secret keys, and while the state could find the peers representing a majority of stake, they are more mobile than miners, and the state cannot easily find the clients that have delegated stake to one peer, and could easily delegate it to a different peer, the underlying secret likely being offline on pencil and paper in someone’s safe, and hard to figure out whose safe. +Proof of share has the advantage that shares are ultimately knowledge of secret keys, +and while the state could find the peers representing a majority of shares, +they are more mobile than miners, and the state cannot easily find the clients +that have delegated shares to one peer, and could easily delegate it to a different peer, +the underlying secret likely being offline on pencil and paper in someone’s safe, +and hard to figure out whose safe. Obviously, at full scale we are always going to have immensely more clients than full peers, likely by a factor of hundreds of thousands, but we need to have enough peers, which means we need to reward peers for being peers, for providing the service of storing blockchain data, propagating transactions, verifying the blockchain, and making the data readily available, rather than for the current pointless bit crunching and waste of electricity employed by current mining. @@ -62,12 +82,12 @@ The power over the blockchain, and the revenues coming from transaction and stor Also, at scale, we are going to have to shard, so that a peer is actually a pool of machines, each with a shard of the blockchain, perhaps with all the machines run by one person, perhaps run by a group of people who trust each other, each of whom runs one machine managing one shard of the blockchain. -Rewards, and the decision as to which chain is final, has to go to weight of stake, but also to proof of service – to peers, who store and check the blockchain and make it available. For the two to be connected, the peers have to get stake delegated to them by providing services to clients. +Rewards, and the decision as to which chain is final, has to go to weight of shares, but also to proof of service – to peers, who store and check the blockchain and make it available. For the two to be connected, the peers have to get shares delegated to them by providing services to clients. -All durable keys should live in client wallets, because they can be secured off the internet.  So how do we implement weight of stake, since only peers are sufficiently well connected to actually participate in governance? +All durable keys should live in client wallets, because they can be secured off the internet.  So how do we implement weight of shares, since only peers are sufficiently well connected to actually participate in governance? -To solve this problem, stakes are held by client wallets.  Stakes that are in the clear get registered with a peer, the registration gets recorded in the blockchain, and the peer gets influence, and to some -extent rewards, proportional to the stake registered with it, conditional on the part it is doing to supply data storage, verification, and bandwidth. +To solve this problem, shares are held by client wallets.  Shares that are in the clear get registered with a peer, the registration gets recorded in the blockchain, and the peer gets influence, and to some +extent rewards, proportional to the shares registered with it, conditional on the part it is doing to supply data storage, verification, and bandwidth. My original plan was to produce a better bitcoin from pair based cryptography.  But pair based cryptography is slow.  Peers would need a diff --git a/docs/manifesto/social_networking.md b/docs/manifesto/social_networking.md index 3270a52..5dee579 100644 --- a/docs/manifesto/social_networking.md +++ b/docs/manifesto/social_networking.md @@ -1238,7 +1238,7 @@ But we can do the important things, which are social media and blockchain. With social networking on top of this protocol, we can then do blockchain and crypto currency. We then do trades between crypto currencies on the blockchain, bypassing the regulated quasi state exchanges, which trades -are safe provided a majority of the stake of peers on the blockchain that is +are safe provided a majority of the shares of peers on the blockchain that is held by peers holding two peer wallets, one in each crypto currency being exchanged, are honest. @@ -1268,7 +1268,7 @@ blockchain. Information wants to be free, but programmers need to be paid. We want the currency, the blockdag, to be able to function as a corporation so that it can pay the developers to improve the software in ways likely to add value -to the stake. +to the shares. # Many sovereign corporations on the blockchain @@ -1391,9 +1391,9 @@ of truckers who each owned their own truck. The coup was in large State incorporated corporations derive their corporateness from the authority of the sovereign, but a proof of share currency derives its corporateness from the cryptographically discovered consensus that gives -each stakeholder incentive to go along with the cryptographically +each shareholder incentive to go along with the cryptographically discovered consensus because everyone else is going with the consensus, -each stakeholder playing by the rules because all the other stakeholders +each shareholder playing by the rules because all the other shareholders play by those rules. Such a corporation is sovereign. diff --git a/docs/names/names.md b/docs/names/names.md index 07826cf..40942dc 100644 --- a/docs/names/names.md +++ b/docs/names/names.md @@ -151,7 +151,7 @@ work, rather than proof of share, and the state’s computers can easily mount a fifty one percent attack on proof of work. We need a namecoin like system but based on proof of share, rather than proof of work, so that for the state to take it over, it would need to pay off fifty one percent of the -stakeholders – and thus pay off the people who are hiding behind the name +shareholders – and thus pay off the people who are hiding behind the name system to perform untraceable crypto currency transactions and to speak the unspeakable. diff --git a/docs/scale_clients_trust.md b/docs/scale_clients_trust.md index c02d5b0..db68c51 100644 --- a/docs/scale_clients_trust.md +++ b/docs/scale_clients_trust.md @@ -106,7 +106,7 @@ their name and assets in a frequently changing public key. Every time money moves from the main chain to a sidechain, or from one sidechain to another, the old coin is spent, and a new coin is created. The public key on the mainchain coin corresponds to [a frequently changing secret that is distributed] -between the peers on the sidechain in proportion to their stake. +between the peers on the sidechain in proportion to their share. The mainchain transaction is a big transaction between many sidechains, that contains a single output or input from each side chain, with each @@ -145,7 +145,7 @@ necessary that what we do implement be upwards compatible with this scaling desi ## proof of share -Make the stake of a peer the value of coins (unspent transaction outputs) +Make the share of a peer the value of coins (unspent transaction outputs) that were injected into the blockchain through that peer. This ensures that the interests of the peers will be aligned with the whales, with the interests of those that hold a whole lot of value on the blockchain. Same principle