General Category > Design / Incentives / Game Theory

A critique of paul's drivechain proposal (and parasite oracles)

(1/2) > >>

MattGoldenberg:
Hey Paul,

A couple of days ago took some time to respond to your drive chain video. The main critiques are :

1. You can't have permissionless innovation without permissionless implementation, because innovation requires interaction with the market.

2. The parasite contract attack can't succeed at bankrupting the real oracle, because it requires the real oracle to always get paid.

3. The type of trust you're talking about (trusting that the system won't fail) is different than the type of trust Ethereum is going for (trusting that people won't control the system for their own gains). Both types of trust can be created with blockchain technology, and neither is the "right way" to use the technology.

4. The voting mechanism for smart contracts is a fragile way to prevent feedback loops, because it's impossible to foresee all problems beforehand.  Furthermore, miners aren't chosen for their ability to foresee these problems, but instead for their computing power.

5. A permissionless smart contract system is antifragile because many defenses to feedback loops can be created, and over time only the good mechanisms will survive.

I go deeper into these arguments in my video here:
https://www.youtube.com/watch?v=qPyiVgRGeHk

Would love your thoughts!

Best,
MAtt

zack:
1) This is true

2) "bankrupting" isn't the failure mode we are afraid of. We need to pay the oracle enough, or it will lie.
All the rep in the oracle is sell-able all the time. If you can win X amount of money by getting the oracle to lie, and it costs Y amount of money to buy up enough rep to make it lie, and X>Y, then the oracle could profitably lie.
If there is a separate blockchain with a large volume of trading in parasite contracts, then the person doing the attack could earn money on both blockchains.
It sounds like Crystal and Hivemind are vulnerable to altcoin parasite contracts in the same way. Read some of my posts about it.

4) I agree with the voting mechanism being fragile because it can't adapt. You are right, miners are selected for computational ability first. Ability to censor is secondary.

5) True. Permissionless implementation makes it much less fragile.
Ethereum style smart contracts is not how permissionless implementation will be standardized. Smart contracts belong in the channels. Storing state on-chain is unnecessary and expensive.

psztorc:
Cool. Thanks for engaging. I will watch it later tonight.

> 1. You can't have permissionless innovation without permissionless implementation, because innovation requires interaction with the market.

A good metaphor is starting your own business. Anyone can start their own business, yes. But you should not be able to barge into someone else's pharmaceutical research laboratory and take photos of everyone's notes, and whatnot.

> 2. The parasite contract attack can't succeed at bankrupting the real oracle, because it requires the real oracle to always get paid.

The parasite prevents the real oracle from scaling up -- it can only guard a small amount of value. So it will never truly be useful.

> 3. The type of trust you're talking about (trusting that the system won't fail) is different than the type of trust Ethereum is going for (trusting that people won't control the system for their own gains). Both types of trust can be created with blockchain technology, and neither is the "right way" to use the technology.

One kind of trust is cheap for a computer to create, and extremely useful. The other kind of trust is extraordinarily expensive for a computer to create, and trustlessness would marginally add almost no effectiveness. Each day, people eat in restaurants without paying...until the very end. Or they purchase something online, and pay upfront (and wait -with trust- for it to be shipped).

> 4. The voting mechanism for smart contracts is a fragile way to prevent feedback loops, because it's impossible to foresee all problems beforehand.  Furthermore, miners aren't chosen for their ability to foresee these problems, but instead for their computing power.

Oh, so you agree that there are problems? : )

Miners do not need to "foresee all problems". They merely need to listen carefully to developers complaints, and refuse to incorporate anything which does not get widespread developer support. Because this filter would work, probably no malicious developer will bother trying to write anything which is clearly problematic.

> 5. A permissionless smart contract system is antifragile because many defenses to feedback loops can be created, and over time only the good mechanisms will survive.

It is the reverse -- Taleb makes it very clear that there is a fractal structure: something can only be antifragile if it is made up of fragile pieces. So growth / complexity requires the ability to keep things removed (which will be harder for Ethereum than for Bitcoin Sidechains).

MattGoldenberg:
Thanks for the reply Zack.

--- Quote from: zack on May 23, 2016, 06:41:29 pm ---
2) "bankrupting" isn't the failure mode we are afraid of. We need to pay the oracle enough, or it will lie.
All the rep in the oracle is sell-able all the time. If you can win X amount of money by getting the oracle to lie, and it costs Y amount of money to buy up enough rep to make it lie, and X>Y, then the oracle could profitably lie.
If there is a separate blockchain with a large volume of trading in parasite contracts, then the person doing the attack could earn money on both blockchains.
It sounds like Crystal and Hivemind are vulnerable to altcoin parasite contracts in the same way. Read some of my posts about it.

--- End quote ---

This is a more nuanced argument than Paul made in the video - I assume he was simplifying in order to reach a broader audience.

I have a few thoughts on this, but they're a little all over the place.  Here are a few of them, and I'll have to think about this and get my thoughts in order before I can truly say one way or another whether this is a viable attack route:

* The true oracle can actually charge exactly as much as it needs to prevent this attack.  It's profit's can't be undercut by a parasite contract, because the parasite depends in it getting paid, so it can charge enough to make entire industries enter into a smart contract to pay it.
* If someone is gaining money from this attack, then there's someone else losing money on the other side of the attack.  This creates a bidding war for reputation in these types of attacks- those who stand to lose money from the truth vs. those who stand to gain.  Just like in a prediction market, this means that the cost of the attack gets driven up to where it will almost always be unprofitable.
* Crystal has several mechanisms to make it incredibly expensive to sell and use reputation dishonestly.

For instance, if someone buys reputation who obviously shouldn't have it (based on recommendation algorithms), then the community takes a significant cut of that reputation.

 In addition, bought reputation is "deactivated".   Deactivated reputation can't be used to make money *in contest* and is also influence limited based on HonestyPoints, a separate identity based reputation (based on a Sybil-resistant version of Eigentrust) that can't be traded.  The only way to reactivate reputation is to participate honestly in enough contests after the reputation is bought. If an account is caught being sold (instead of selling through the official channels) that account can be deactived and all it's reputation coins returned to the community.

These types of protections of course don't make attack impossible, but they make it significantly more expensive to buy reputation dishonestly. This in turn turns the bidding war above in favor of people who plan to use the reputation honestly.


--- Quote ---5) True. Permissionless implementation makes it much less fragile.
Ethereum style smart contracts is not how permissionless implementation will be standardized. Smart contracts belong in the channels. Storing state on-chain is unnecessary and expensive.

--- End quote ---
Just like bitcoin, I see on-chain smart contracts being used to settle disputes, whereas offchain channels are used in the day-to-day.  Crystal plans to implement the first version of this in the form of a "shadowchain", which is calculated offchain using a reputation system, and then only run onchain if somebody pays to check the results.

P.S. What is up with these Captchas? No idea what that last letter says.[/list]

MattGoldenberg:
Thanks for the reply Paul.


--- Quote from: psztorc on May 24, 2016, 01:44:49 am ---
A good metaphor is starting your own business. Anyone can start their own business, yes. But you should not be able to barge into someone else's pharmaceutical research laboratory and take photos of everyone's notes, and whatnot.


--- End quote ---

What I'm arguing is that you can't get the former without the latter.  In other words, people won't be able to start viable blockchain business without giving them access to everyone's laboratory.


--- Quote ---The parasite prevents the real oracle from scaling up -- it can only guard a small amount of value. So it will never truly be useful.

--- End quote ---

Because the parasite oracle depends on the real oracle, the real oracle can charge as much as it wants.  They can force entire industries to make smart contracts that collectively pay for the information they need.



--- Quote ---One kind of trust is cheap for a computer to create, and extremely useful. The other kind of trust is extraordinarily expensive for a computer to create, and trustlessness would marginally add almost no effectiveness. Each day, people eat in restaurants without paying...until the very end. Or they purchase something online, and pay upfront (and wait -with trust- for it to be shipped).

--- End quote ---
So I think there's still a misunderstanding here.  If you're still talking about restaurants, there's a fundamental disconnect.  The real target is companies and industries who can ABUSE brand and trust through economies of scale and aggregation of users.  Amazon does this to it's suppliers, Twitter did this to it's datafeed partners, Facebook does it to it's users, Uber is starting to do this as well.

The analogy I've used is how open source allowed Google to credibly commit to not treating its smartphone partners the same way Apple did with its iOS ecosystem. Google couldn't do the same thing with Google+ against Facebook, because while open source allows a company to commit to keeping its software beneficial to the ecosystem, it doesn't allow a company to credibly commit to keep it's data and user network beneficial.  It was impossible to credibly commit to doing that until Ethereum came along.  I can't do the argument justice in a forum post, but I go way in depth here: http://getcrystal.net/blog/index.php/2016/05/08/the-business-case-for-dapps-decentralization-as-a-strategy/


--- Quote ---Oh, so you agree that there are problems? : )

--- End quote ---

Yes, this is the scariest part of permissionless smart contracts.


--- Quote ---Miners do not need to "foresee all problems". They merely need to listen carefully to developers complaints, and refuse to incorporate anything which does not get widespread developer support. Because this filter would work, probably no malicious developer will bother trying to write anything which is clearly problematic.

--- End quote ---

So the miner judgement thing was just an aside - the real idea here was that no matter how good your forecasting is, it will fall EVENTUALLY to a black swan. Relying on prescreening for security is inherently a fragile system.


--- Quote ---It is the reverse -- Taleb makes it very clear that there is a fractal structure: something can only be antifragile if it is made up of fragile pieces. So growth / complexity requires the ability to keep things removed (which will be harder for Ethereum than for Bitcoin Sidechains).
--- End quote ---

This of course is entirely dependent on how far you granularize "something". As a reductio-ad-absurdum, you could use this argument to say that as long as an economy has a single company that could fail, the entire economy is considered fragile. 

Instead, I think what matters here is the level of "walls" that different parts of an ecosystem have that prevent them from collapsing when other parts of the system collapse.  My point being, that with a permissionless system, we can test all sorts of different walls made of concrete, glass, mud, and air, some of which will essentially split the ecosystem into seperate fractal ecosystems.  Over time, we'll figure out which types of walls work, and which walls still give you interaction with the entire ecosystem WITHOUT exposure to the entire ecosystem's risk.
[/quote]

Navigation

[0] Message Index

[#] Next page

Go to full version