Time-as-a-Currency & PoS4QoS - PoS-based Anti-spam via Timestamping

OK, so we are making the assumption that not everyone in the network is using his/her own maximum capacity at all times which is a fair assumption imo.

The average TPS before spam was ~2tps including all exchanges transactions (someone correct me on this if I am wrong). The network handled ~50tps fine (it was more like 60-70 but lets simplify it here) during spam. That's ~96% of all tps during spam period was actually just "spam". How much stake would that spammer need to saturate a PQ of 50tps network by 96% in PoS? And how much is the spammer paying right now to sustain his spam activity?

I think no matter how you look at it, this seems like a better way of doing things than the status quo.

  1. It limits how much damage can the spammer make in PQ even if he has a large stake and even if he have powerful hardware.
  2. It allows users in PQ to have guaranteed AND predictable TPS (this is important but overlooked somehow). During spam I would much rather know that I have guaranteed predictable X TPS (1 TPS or 0.1 TPS) rather than sending and wondering when my transaction will be confirmed at the mercy of the spammer.
  3. NQ might suffer like the whole network is suffering now, but even than, exchanges, large stakers will be able to transact fine in PQ while some small stakers will have to wait for their small (relatively speaking) TPS bandwidth in PQ (which again, all the network is suffering of this right now regardless of stake).

Here is a scenario. What will happens if small business with no stake (zero nano) want to starting accepting nano and we are in the middle of spam attack that saturate the network?
1- In current state with no prioritization, he will be able to process payments but very slowly (at the mercy of the spam and how much will the network keep up and process legit transactions)
2- In TaaC/PoS he will not be able to process payments in PQ because his stake is zero? so he is at the mercy of the NQ spam and how much will the network keep up and process legit transactions.

So that small business is no worse in TaaC/PoS than it is in current state.

There might be implementation challenges I agree, We should let implementers judge that. However, I think the concept is sound and very much worth considering.

I would be interested in a beta test net based on that concept to see how it behaves with different scenarios.

1 Like

Hey Rob great proposal. I've been mulling over the original reddit post/your responses/ and this forum thread trying to find a weakness to your proposal, just to maybe add improvements to it.

  1. Have you considered the idea of maybe "ignoring" sends that do not meet all 4 rules? This force actors to basically have correct timestamp and meet the TPS thresholds. In exchange, make the SUSTAINED_TPS and BURST more lenient? In this system, the rules are more strict but it could prevent the constant spam from the attackers, and requires user to resend their blocks until they meet all 4 rules. This also requires that for a system where the BURST cannot be reset. This could also reduce ledger bloat. This only affects people who uses NQ.

  2. If we keep your TaaC/P4Q system, and if we assume an attacker has an infinite PoW, doesn't that mean that Nano will always be spammed? In this case, the best solution would be to "slow" down the attack since the system cannot stop the spam.

  3. What about an attack vector where:
    a) Attacker uses up max BURST from walletA send on PQ to many wallets
    b) Sent 1 NQ to reset MIN_GAP.
    d) Send from "manyWallets" to walletA on PQ.
    c) repeat a'

Doesn't this (#3) still allow PQ spam?

  1. Is it possible to added harsher penalties for constantly breaking NQ? Perhaps a node set a timeout on the walletAddress send transactions (ignores them and doesn't rebroadcast) until after X amount of confirmations from the network/ or after X seconds? Some idea may be, for every NQ that is sent by the wallet, their NQ_COUNT increments. After Y amount, they go on timeout (node ignores their send/do not rebroadcast). Their NQ_COUNT reduces every second. When it reaches 0, they are out of timeout. The node now allows NQ from that wallet, or PQ if they waited enough time.

I am excited to get this implemented somehow. Is there any update/plans for this? I am a software engineer. I am mostly working in Java though at work and have not touch C++ since college. I would like to help if possible.

2 Likes

Yes, it is a weakest link system.

It is quite simple - if enough voting power cannot keep up with the TPS then CPS will drop off and become unreliable.
So not all nodes need to keep up, but enough of the voting power needs to keep up so that confirmation remains reliable.

Yes layer one is working just fine at getting transactions confirmed yes?

Stake is not a spam deterrent, it is a USAGE deterrent. Big money doesn't move a lot, small money moves a lot. Besides layer 1 can still be spammed to hell.

You haven't provided any fixes.

And as soon as an attacker uses PoW * 106 the entire network is done.

The NQ is the equivalent of the current network -- dPoW, equihash, whatever you want -- if you believe it will be filled 24/7 with spam, then you are pre-emptively admitting that dPoW and equihash and any other security mechanisms are insufficient and will result in spam. In my proposal, it means that the NQ will be spammed. In the current network, it means that the entire network will be spammed.

Because you can't use PoW as a primary security mechanism in a world where standard mobile phones and even GPUs can have a seat at a table against a custom farm designed to spam the network. PoW works for bitcoin because billions of dollars have been spent in securing it against attackers.

I'm sorry, but comments like these rank up there in ignorance with "I heard mercury is in vaccines, so they must cause autism." You don't understand why PoW works in BTC and does not work in Nano because you are a civil engineer, just like those people do not understand why mercury is dangerous in one chemical formula but not dangerous in another formula because they did not pass high school chemistry.

I explained thoroughly in the above thread why PoW can serve as a primary security mechanism for BTC and not Nano, so I won't be repeating it here.

Might as well just use a fee network like XLM then, which will charge you far less than a few bucks a year to transact.

The conversation has always been the same, but you're too focused on "winning an argument" to learn something. PoW is crap and will never work. The reason my proposal works and allows the NQ to thrive is due to herd immunity, a concept I put into the very first post of this thread. As I stated then and keep stating, attackers have no incentive to spam the network because they have no ability to spam out the big players and it will cost too much, so the NQ will be safe because of the pointlessness of the attack.

So my proposal gives you an NQ where you can live out your fantasy of computing PoW (or paying someone else to compute it for you), while simultaneously having a different queue that you can use where you are guaranteed some amount of transactions based on how much Nano you own that nobody can take away from you -- even if they own literally every single other Nano in existence and are capable of computing PoW 10100x faster than you.

I've yet to see you list any drawbacks whatsoever to this approach.

Yeah. I just don't think you're worth responding to anymore.

No one account could take up anywhere near that in the current proposal. If someone owns 5% of all Nano, they would be able to take up at most (if split sufficiently) 5% of the PQ capacity. Scroll up a bit and look at the post that I made with an image.

They would need to own 96% of the stake to saturate 96% of the PQ.

A new account is made with a receive transaction. It would not have zero, and (if you scroll up) we have discussed that a transaction's PoS would be equal to likely either avg(old, new) or max(old, new) or some other variation. This means that if a new business opened an account on the Nano network by accepting, say, 20 Nano, their very first (open tx) block would have the priority of someone with up to 20 Nano.

This would basically make super-low-value accounts unusable, and would be little more than enforcing a minimum balance threshold. Anyone under ~0.0001 Nano would only end up with one transaction per few days or so, so we would be effectively saying that people aren't allowed to own less than that much.

The beauty of the NQ fallback is that people can have tiny amounts of Nano and even use it as the main network if (for some reason) they wanted to, while the majority of the big actors can use the PQ for the spam immunity to dissuade attackers.

If we assume that an attacker has infinite PoW, they could spam the entire network right now. In my system, if they have infinite PoW, they would still not be able to spam out the PQ. The belief is that the NQ would comprise such a small % of the total value of the network that it would not be worth spamming.

Consider this (data accurate to the ledger as of ~3 weeks ago):

  1. The sum of all users on the network who have 0.1 or less Nano equals just about 0.001% of the total Nano.
  2. The sum of all users on the network who have 1 or less Nano equals just about 0.02% of the total Nano.
  3. The sum of all users on the network who have 10 or less Nano equals just about 0.1% of the total Nano.

The amount of wealth spread across these tiers is basically zero in terms of the Nano network value, and so it is basically zero to an attacker. Attacking people lower than these tiers would not meaningfully effect the currency's price, which means that there's no profit to be gained. As such, an attacker has no reason to use their infinite PoW to attack the NQ anyway.

Your line (b) there means that the PQ isn't being spammed. In order for their NQ requests to be processed, the PQ must be completely cleared out. As a result, upon the completion time of (b), the PQ must be empty. This is the antithesis to a spam attack.

In addition, your line (d) [which came before 'c'] would still have to obey rule (4) of the PQ [i.e., that the receive of these sends must be timedated after the send itself].

Finally, your use of "burst... to many wallets" is misleading. MAX_BURST is more likely a number closer to 2-3 for almost every QoS tier. You wouldn't be able to burst to that many wallets.

Not easily possible, and a different implementation entirely if it were.

6 Likes

Yes i have -> CPS as limited resource subject to supply and demand

No at that point the attacker is incurring real costs and has real limits to how long it can be maintained and how much TPS they can spam.
Yes the rest of the network would suffer temporarily if they couldn't provide the PoW but they would KNOW how much PoW is required and they wouuld KNOW that there is CPS capacity available and they would KNOW their transaction still confirms in 0,357 seconds.

In what way is that worse, if you have a PQ on top of the NQ, that works like you explained?

Why would the NQ then be filled with spam transactions, but not without having a PQ?

Let's assume it works. Why would it fail to work just because there's an additional PQ?

I like how this discussion went from PoW is a train wreck waiting to happen to.... whether or not that happens, P4Q delivers a working PQ no matter what.

If you don't realize how dealing with limited resources is always about prioritization, I recommend you have a look at the Integrated Services QoS scheme and the Differentiated Services QoS scheme.
I already referred to it, but maybe I need to explain it in greater detail.
Depending on the implementation, P4Q can be either a mix of the two or, even easier, plain DiffServ.
To apply prioritization with the DiffServ QoS scheme in P4Q:

  • the PQ is equaling Expedited Forwarding (EF); blocks in PQ always come first
  • the NQ equaling Assured Forwarding (AF) with the PoW being the classes within it; blocks within NQ are sorted by PoW and processed in that order

For that reason the NQ could be limited to a maximum TPS independently from the PQ to limit the impact on nodes caused by the spam.

Using the NQ doesn't reset MIN_GAP.

Stake is what guarantees TPS at P4Q. The very existence of the PQ is what allows taking TPS away from the NQ, which is the spam deterrent.

2 Likes

@harlan_pepper1 why don't you answer this question?

@Rob, quit wasting your time on him until he answers this.

2 Likes

I feel like some people here are just trolling and trying to just stroke their ego with wordplay rather than indulging in the focussed discussion, at this point it's best to ignore them and focus on the proposal at hand and drilling into details of the implementation and testing.

@harlan_pepper1 Could you please refrain from sidetracking the discussion further, it looks like you are just trying too hard at making no sense, if POW and current network is enough, then the normal queue of this proposal is enough and there is nothing for you to worry, in case it isnt, and that being the fact, having PoS4QoS keeps the network operational, and thus disincetivises the attacker to even attempt to clog the normal queue in the first place, so the network will always work in normal queue (current state) not becoz it is enough, but because the attacker is heading to a dead end. I refuse to acknowdge that you haven't comprehended this part yet and its clear its just trolling at this point.

3 Likes

I can't see the benefit of judging a spam deterrent system based on the assumption that 96% of system capacity is always unused by honest actors.

Even if you have to wait 3 days to send it? And "wondering" isn't the case. With DPoW, you see the PoW difficulty of confirmed transactions, you send your next transaction at this or higher and it gets confirmed.

Your misunderstanding the situation. The reason people got transactions stuck had nothing to do with DPoW.

They'll have an economic incentive to build or pay for a high capacity PoW system that will easily put their few transactions per hour ahead of a spammer who is having to do PoW for thousands of txs per second.

Yes he is. The PQ has taken some percentage of the available NQ.

I appreciate you putting these thoughts together. I clearly disagree with some assumptions but this is the kind of scenarios that need considered. To date the discussion has been "look how we can lock up the network so hardly anyone, especially a spammer, can send a tx"

Ask him how those with less than 0.13 Nano are guaranteed their min TPS when an attacker could make millions of sub 0.13 Nano accts.

You have to answer first, why he is in a state of waiting? He can still get into normal queue do more POW and get ahead, are you not reading the proposal?

I'm not aware of this ever not happening. During the recent spam the top voting nodes kept up. Right?

Attacker can make millions of sub 0.13 accounts, yes, yet he will only be using what's the minimum a 0.13 account can use, or he can get to the POW QUEUE and also the guy with 0.13 (normal queue) also gets to use the minimum allocated in priority queue and also the normal queue the current network provides, so he has an additional pass, he is has +1, this is opposed to if we had only Normal queue, he would be doing Pow+1 and have no PQ option (its easier said than done though, dpow services will be made paid or users need to do their own POW that is not practical either)

This is good advice since I ignored him for the same reason. There's no sense debating a proposal that's based on 10,000 TPS just for the PQ or PoW not working because somehow a cell phone must compete against a fantasy, one of a kind, Chinese mining rig.

If somehow you want to factor in the time gap between transactions into PoW prioritization then feel free. Unfortunately I think you'll find it only benefits "rich" accounts and harms the natural development of PoW capacity (ie spam mitigation) for the rest of the network.

Ok, I'm a spammer. I make 1 billion 1 raw accounts. I get to send a transaction every X hours. Stop me from spamming the PQ (at least everyone with 0.13 Nano which at BTCs market cap is around $700, assuming they have it all in one account)

You will always be sending only transactions that the network can process with ease, your accounts are limited to network capacity. Have you even read this proposal? Which part do you need to be explained again. Maybe you need to get on a one on one chat with a few people who can explain it to you clearly. Can you stop spamming this discussion and go to discord or somewhere you can get your head cleared up.

1 Like

Because the magic PoW machine of the OP had been activated and no one stands a chance in the NQ. Go back to the original basis for this proposal, it seems to change often between "well use the NQ" and "the NQ can be saturated for $5 and a Tandy 1000"

Does this mean POW doesn't work? You mean the current state of the network that has failed, but I thought you said it cannot fail? Are you getting the irony of here

1 Like

That's great because I'm going to use my billion accounts to send 10,000 TPS for 28 hours everytime my min_gap refreshes (assuming it's greater than 28 hours)