You're talking Bitcoin, not blockchain. Bitcoin largely exists so that Chinese tongs can hide assets from Xi. It was invented by a South African embezzler and popularized by libertarians. Ethereum uses staggering amounts of energy, too. This is why everyone who does anything with ETH is deploying test-cases while the eggheads figure out how to make proof-of-stake work. The change means instead of solving puzzles to prove you have the authentic blockchain, you basically pay an insurance policy. The chance for a spectacular implosion is high, which is why they're like two and a half years overdue. Screw this up and you won't get a do-over for a decade. But we're talking about blockchain. The authentication protocol I've been talking about this entire time runs on a private network built on the Ethereum protocol. I doubt it has more than a hundred nodes. Rather than "everyone who wants to run anything on Ethereum" using up its transactions, it's "everyone who wants to verify ownership on Arianee" which is a much smaller subset. Is Arianee big enough to not run afoul of the 51% problems being discussed? Sure - since it's a private network they get to set whatever rules they want. So is it a true public blockchain? You bet your sweet bippy it isn't. But it's a blockchain. Providing a solution.
First of all, I'm not trying to say that there isn't a single use case for blockchains out there. I'm also not going to pretend to understand blockchains beyond a hand wavy high level understanding, so before we go on, I'd like to outline how I understand blockchains work, so we can at least agree that my understanding isn't fundamentally flawed: 1. Blockchains are kept "authentic" by calculating a set of hashes which are updated each time a transaction occurs. 2. All past transactions have an effect on the current hash, therefore you cannot modify any prior transactions without also affecting the hash, making it obvious if someone has tampered with it. 3. This is only valid if there is more than one copy of the blockchain (or parts of the chain, I'm sure nobody is sitting there with the entire Bitcoin chain, it's probably huge), because otherwise the hash changing is meaningless, nobody would be able to tell if it was tampered with or not as you could just recalculate the whole thing. 4. A higher number of users (and part holders) of the chain increases the security of the chain, because if there were, for example, only three users, two of them could agree to both make the same false transaction, and validate each other. The consensus then goes in their favour. 5. Because the entire chain is in a way involved in calculating the hash for the latest transaction, the cost of calculating it increases over time. I'm not trying to write a scientific paper here, so I'm sure there are incorrect details, but are we broadly in agreement?
I'm no expert, but I think your description is fairly accurate. Yes, the chain of hashes is the core principle guaranteeing the integrity of the blockchain. As you are probably aware, a hash function takes data as input and produces a string. The SHA-256 function used by bitcoin produces a 64-character hex string that might look like this: Every unique input value is expected to produce a unique hash, and a key principle is that it is easy to generate the hash from the input, but almost impossible to figure out what the input was if you are given the hash, you might as well just guess the input, hash it and see if it matches. Exactly. A set of transactions are gathered into a set called a block. Some summary information and a random number called the nonce is added in. This whole package is the input data, and the resulting hash is an identifying fingerprint for the whole block. The next block includes the previous hash, a new set of transactions and summary information and another random nonce, forming the input for the next hash. Because the hash function is easy to calculate in one direction, anyone can check the chain of hashes. If a single bit of data at any point in the chain is altered, the next hash and all the following hashes will be different. The bitcoin blockchain is over 100 gigabytes, not small but it would fit on a $30 USB drive. Someone could use the client software to confirm that their copy of the blockchain is valid, meaning that the chain of hashes checks out mathematically. But this would not prove that the blockchain matches any other blockchain in use by others. Anyone can create a blockchain, and there are many blockchains that are not widely used and not valuable. Security is provided by the mathematics of the hash, and the algorithms in the software which have proven fairly robust over time. Bitcoin blocks are added about six per hour, and consensus is based on a simple rule: whichever blockchain is longest at the moment is the official blockchain. Therefore the most recent transactions, packaged in the most recent block, are considered tentative, since there could be an alternate valid block that contains the same transactions. Only after a second and third block appear are the earlier transactions considered more or less final. You refer to the 51% attack, a known vulnerability. If a majority of the users creating new blocks (the miners) conspire, they can secretly create valid new blocks without sharing them to the network. After several blocks are published on the public blockchain, the cabal publishes their evil twin blockchain. Since the cabal has more computing power than the rest of the network (more than half), the evil blockchain will be longer, and therefore accepted as official by the network. The cabal benefits because they used transactions in the doomed blocks of the public blockchain to buy stuff (cash or other digital assets, something that can't be easily reversed). But they don't put these transactions in the evil blockchain, so their balances are not debited in the evil blocks, and they can spend those funds again. There are some game theory reasons that reduce the risk of a 51% attack, one being that it would wreck confidence in the network and reduce demand and value for the entire blockchain (which, if it is worth attacking, is a big asset for the cabal), but the algorithm itself can't prevent such an attack and it has happened on some blockchains. The difficulty, and therefore cost, of mining a new block, is entirely determined by the algorithm. Creating a valid block is easy, you just take the previous hash, add some recent transactions and summary data, and a random nonce number, and calculate a new hash. A typical desktop computer can calculate millions of hashes in a second. But the algorithm is picky, and rejects most hashes. The goal is to accept one new block every ten minutes, no matter how many people are on the network making hashes, so the algorithm makes the arbitrary requirement that an acceptable hash, which is basically a bunch of random digits, must start with a series of zeroes. The miner changes the value of the nonce each time they make a new hash, hoping to get lucky with a hash that starts with enough zeroes. You can check the most recent bitcoin blocks and see the accepted hashes. Right now the latest winner is If, for whatever reason, more people start generating hashes, the next block will probably appear before ten minutes. That's fine, but if it goes on for too long the blockchain will grow faster than intended, sending more mining rewards out so the amount of bitcoin in circulation grows faster than planned. In that case, the algorithm will increase the difficulty, demanding MOAR ZEROES, to slow down the rate of blocks. These tune-ups happen every two weeks or so. It's also possible that fewer people will mine bitcoin, perhaps turning to other cryptocurrencies when the price drops. If that happens the difficulty will be reduced, to keep the production rate steady. I made a toy mining simulator, to get a feel for how hard it is to come up with a winning hash. For popular cryptocurrencies, it's not cost-effective to use a desktop computer, when a rig capable of generating trillions of hashes per second won't find enough lucky hashes to pay for the electricity it uses. So that's the way you could tell that a given blockchain is a big deal. With one simple computation, you can verify that the output hash satisfies an entirely arbitrary but inconceivably restrictive standard of being so very close to zero. Discovering the input value that produces such a low hash required computations consuming as much energy as Switzerland uses, year after year. (I would like to perform that hash myself, generating a recent accepted block hash, but I haven't been able to piece together the input values that work in a SHA-256 tool to get a bitcoin output hash.)1. Blockchains are kept "authentic" by calculating a set of hashes which are updated each time a transaction occurs.
be9056c3804a0d6797c7e28b9408ed9a80dac5a36cfdf47de13d2c2d18c122fb
2. All past transactions have an effect on the current hash, therefore you cannot modify any prior transactions without also affecting the hash, making it obvious if someone has tampered with it.
3. This is only valid if there is more than one copy of the blockchain (or parts of the chain, I'm sure nobody is sitting there with the entire Bitcoin chain, it's probably huge), because otherwise the hash changing is meaningless, nobody would be able to tell if it was tampered with or not as you could just recalculate the whole thing.
4. A higher number of users (and part holders) of the chain increases the security of the chain, because if there were, for example, only three users, two of them could agree to both make the same false transaction, and validate each other. The consensus then goes in their favour.
5. Because the entire chain is in a way involved in calculating the hash for the latest transaction, the cost of calculating it increases over time.
0000000000000000000bff61e1ae588ae7c575b28736bddbee09a89218eb3404
Thanks, that clarifies it quite a bit. If I understand correctly; apart from my guess that the blockchain might be kept in parts by different users (turns out the whole block chain must be stored by each user), the only thing I had fundamentally misunderstood is that the calculation cost goes up for every transaction. It does not, since you only use the latest hash to calculate the next one (plus all the new data, obviously). Pretty funny, since that was pretty much the only one that mattered for the point I wanted to make (blockchains being power inefficient).
In practice, most users don't run bitcoin software at all, but interact with service providers like Coinbase. You can also run client software that only downloads part of the blockchain and allows you to generate new wallet addresses, monitor the network, and initiate transactions. Many clients are suitable for portable devices. You can even run client software on a computer that never connects to the internet, using it to create new addresses with minimal risk that the private keys will be stolen. Bitcoins don't really change hands, they are always in the blockchain, assigned to addresses. Individuals control private keys, which give them the ability to initiate transfers from an address. The power consumption is considerable and a fair source of criticism, as the low hashes produced by all that effort have no use beyond proving that you did a lot of work.
(1) is incorrect which renders (2) through (5) incorrect. 1. Blockchains are kept "authentic" by having identical copies distributed everywhere. Obviously a static, unexpanding copy is less useful than a dynamic one that records new transactions, so the copy holders have to be incentivized in order to keep their copies online and updated. 2. IN BITCOIN There is a reward for the first correct guess to a cryptographic puzzle. Essentially an army of computers are brute-forcing a solution. In order to have a hope in hell of coming in first, you need the clue of the last block. more here. Obviously the odds of guessing correctly are really shitty if you're all alone, which is why people talk about mining "pools." Pool the effort, distribute the wins. 3. The "correct" version of the blockchain is the one with the most agreement. If 30% of bitcoin miners decide they don't like the solution to any given block, there is now a fork with 30% of the miners on it, a fork with 70% of the miners on it, and "bitcoin" is whoever has the majority. Every miner needs the blockchain, the whole blockchain and nothing but the blockchain. 4) The more miners on the chain, the more miners need to vote against something in order to change it. If 30 miners in an 8,000 node network decide 7970 miners have the wrong copy, they are on their own pathetic little chain. If 30 miners in a 45-node network decide 15 miners have the wrong copy, they are still on their own pathetic little chain but they have the mother fork, for whatever it's worth. This formed the basis of the last season of Silicon Valley, incidentally. 5. The cost of calculating the next block increases over time so that early adopters are given an advantage. It's monetary policy at the code level. The difficulty of the hash is a choice, not an effect. Are those differences adequately explained?
Your clarifications are fine, but I do find it to be a bit of an uncharitable reading of what I wrote, because it seems to be far less wrong than you make it out to be, if we're to believe wasoxygen. However, the point that mattered most to what I was trying to say (point 5) turns out to be completely wrong, so it sounds like the power consumption point made in the article only applies to Bitcoin (or other similar blockchain use cases), and not blockchains in general. I still think a lot of the other points made in the article are valid. Mainly the idea that a blockchain can't replace external human validation, since a blockchain can only verify that records have not been tampered with after the fact, but can't verify that the input records are correct in the first place. For example in the case of land changing hands, the blockchain can't verify whether it really did or not, it has to be told. Instead of saying a blockchain is a glorified database, maybe it's more accurate to say it's a database with an elaborate checksum? A checksum can only check that data hasn't changed since the checksum was calculated, not whether or not the input information is correct. There are also further trade-offs which do come at a cost (of course that applies to any technology); - The security increases with the number of copies of the block chain out there, but since you need the entire chain to be copied it can be extremely storage intensive. Imagine if you wanted to use a block chain for a stock exchange; the number of transactions per day is enormous. - Keeping all of these copies in sync costs a lot in terms of data traffic, which also creates latency. In fact, all the hashing, even if it's not quite as bad as I thought, will create latency as well. In a time where some companies move physically close to stock exchanges in order to have shorter latency over their (already speed of light) fibre, this is not a minor concern. I think it's safe to say it's not "effectively zero cost", but it could be an acceptable cost for some applications. I also think it's safe to say there are many applications it would not be a good fit for.
You're effectively saying that since someone partially disagrees with me I'm rude. This is how we got into trouble last time - I can't stop you from being personally upset by the things I say but I can remind you that the excessive length and care you get in my responses are a sign I'm trying not to piss you off. wasoxygen is wrong. Blockchains are distributed ledgers. The distribution is the point. BitCOIN was derived from BitTORRENT where the entire point is the distribution and decentralization. The difference between bitcoin and bittorrent is there need be no central server to point new users to the blocks because there are no blocks. Everyone has the whole thing or they aren't a part of the equation. If you aren't 100% identical to everyone else on the network you aren't on the network. It's not a database. It's unwieldy and impossible to manipulate. A blockchain is an indelible, unfalsifiable, permanent record of transactions. You're absolutely right: if you write "2 plus 2 equals 5" in the blockchain, it will say that two plus two equals five. however, that block will have a unique identifier and the user that wrote that on the blockchain is also indelibly marked. And you're absolutely right that the blockchain is only as good as the information on it. But again, if you write something wrong or dishonest, you have written it forever, out where it can never be edited. Mistakes will be made because we're people but a pattern of "mistakes" is either incompetence or malfeasance and now that it's there forever, anyone can investigate. More importantly, there is no horizon beyond which mistakes cannot be found. No. With a public blockchain the durability increases with the number of copies. A 51% attack on an authentication blockchain would create two blockchains. Any transaction that happened before the 51% attack would be on both blockchains while any transaction that happened after the 51% attack would only be on one. if KBChain made the mistake of letting anybody on board, and got 51%attacked, KBChain Classic would release a memo saying "well that was dumb, we've still got your original verification and we're making our admissions standards more stringent." The data itself remains inviolate. Yes. But latency doesn't matter in the slightest when we're talking about authentication. If I'm buying and you're selling the money is going into an escrow account that you won't see for a month anyway so who cares. Thus once again we move from "I don't understand it and you're wrong" to "I understand it a little better but you're still wrong." A blockchain need not have 8,000 members. You don't get to play with Hyperledger unless you have a board of directors. Authentication on Bitcoin is dumb and authentication on the Ethereum mainnet is tortuous but authentication on an Ethereum-compliant private net could be fast as networking. Arianee, for example, accomplishes its mission perfectly if they just assign a node to every vendor that wants their products verified. If you've got 100 brands you've got 100 nodes and the network is secure because the only people who can write to the network are the brands that depend on it. That's 100 Raspberry Pis or the equivalent. Give each of 'em a 1TB hard drive. You're talking about a $500 cost for companies that don't sell watches for less than $5k ea. Breitling did 530m CHF in sales last year. I would say "effectively zero" is an accurate description.Your clarifications are fine, but I do find it to be a bit of an uncharitable reading of what I wrote, because it seems to be far less wrong than you make it out to be, if we're to believe wasoxygen.
Instead of saying a blockchain is a glorified database, maybe it's more accurate to say it's a database with an elaborate checksum?
- The security increases with the number of copies of the block chain out there, but since you need the entire chain to be copied it can be extremely storage intensive.
- Keeping all of these copies in sync costs a lot in terms of data traffic, which also creates latency. In fact, all the hashing, even if it's not quite as bad as I thought, will create latency as well.
I think it's safe to say it's not "effectively zero cost", but it could be an acceptable cost for some applications. I also think it's safe to say there are many applications it would not be a good fit for.
Fine, let's say it it's a ledger, good enough for me. Agreed, but with a lot of these things the paper trail isn't necessarily even the problem. Let's take Trump's taxes, for example. There is documentation out there that shows he's probably done illegal things, he just hasn't been prosecuted either due to the IRS being under-resourced, or political considerations. The documentation itself does not seem to be the issue. I think you definitely have a point about dodgy dealings by state officials in places like India, but again I don't think this is a technical problem as much as it is a political problem. They could have good records without blockchains if their politicians really wanted it, but clearly they don't. I don't disagree with the technical case, but the point I was making is that you can completely recalculate the entire block chain to your liking if you have access to enough copies of the chain, or have enough friends who do. And in your example, it still very much depends on people trusting you (or some group) to be the arbiter of KBChain. Blockchain creates a robust ledger, one where no single actor can simply cross out a name in a document, which is good, but you could also achieve that by having a database that tracks changes over time. I guess your point is not that it's impermeable, but rather that it makes it harder to mess around with it. I don't disagree with this, but other secure systems are probably just as good? Absolutely, but I did say it can be good for some applications. I have the feeling that we basically agree, maybe I just think that the things blockchains do aren't quite as revolutionary as you do.But again, if you write something wrong or dishonest, you have written it forever, out where it can never be edited. Mistakes will be made because we're people but a pattern of "mistakes" is either incompetence or malfeasance and now that it's there forever, anyone can investigate
No. With a public blockchain the durability increases with the number of copies. A 51% attack on an authentication blockchain would create two blockchains. Any transaction that happened before the 51% attack would be on both blockchains while any transaction that happened after the 51% attack would only be on one. if KBChain made the mistake of letting anybody on board, and got 51%attacked, KBChain Classic would release a memo saying "well that was dumb, we've still got your original verification and we're making our admissions standards more stringent." The data itself remains inviolate.
That's 100 Raspberry Pis or the equivalent. Give each of 'em a 1TB hard drive. You're talking about a $500 cost for companies that don't sell watches for less than $5k ea. Breitling did 530m CHF in sales last year. I would say "effectively zero" is an accurate description.
The difference between "harder" and "impossible" is non-negligible.
It's late so I'll have to get back to you tomorrow on this.