is it profitable to purchase truthcoin reputation and manipulate outcomes?

Previous topic - Next topic

martinBrown

Purchasing reputation is a type of sybil attack (similar to ballot stuffing). This is often one of the first issues brought up as a weakness in TruthCoin's use of voters, especially when considering the possible scenario where TruthCoin might be used to adjudicate the outcomes of bets denominated in bitcoin. I'm not sure that the current docs are clear enough on how TruthCoin prevents such sybil attacks.

In particular, here is an ongoing reddit thread exemplifying the confusion:

Quote
Another problem that I have with TruthCoin though... Doesn't it assume that someone could "buy truth"? Let's say that TC's market cap is 1M ether. I could then create a contract for 2M ether, and buy enough TC to swing the vote in my favour? I'd lose my all TC because of that, and probably kill te whole TC currency, but i'd be awarded for 2M for the contract fulfillment. In oher words - Isn't TC feasible to protect a contract only up to an amount of TC's market cap?

And further down...

Quote
> TruthCoin voter decisions are not used to adjudicate the outcomes of prediction markets in other coins.

Well, this is a direct quote from the TruthCoin whitepaper. Article IV, Page 19, section (b).(i.):
"Most critically of all, this system will have to sign Withdrawal Transactions so that users can bring Bitcoin out of this system and back into their personal wallets."

Also, straight from the Abstract on Page 1:
"Bitcoin users can create PMs on any subject, or trade anonymously within any PM, and all PMs enjoy low fees and permanent market liquidity through a LMSR market maker."

So it seems that you missed something about TruthCoin :)

Maybe a paragraph or two can be written to address this argument in particular, and clear up the confusion? Its not the first time I've heard someone raise the same objection.

Bitcoinfan

Quote from: martinBrown on June 19, 2014, 12:51:30 AM
Purchasing reputation is a type of sybil attack (similar to ballot stuffing). This is often one of the first issues brought up as a weakness in TruthCoin's use of voters, especially when considering the possible scenario where TruthCoin might be used to adjudicate the outcomes of bets denominated in bitcoin. I'm not sure that the current docs are clear enough on how TruthCoin prevents such sybil attacks.



Another problem that I have with TruthCoin though... Doesn't it assume that someone could "buy truth"? Let's say that TC's market cap is 1M ether. I could then create a contract for 2M ether, and buy enough TC to swing the vote in my favour? I'd lose my all TC because of that, and probably kill te whole TC currency, but i'd be awarded for 2M for the contract fulfillment. In oher words - Isn't TC feasible to protect a contract only up to an amount of TC's market cap?
[/quote]

[/quote]
From your reddit page
This seems to me a desirable limitation. If a judge (or set of judges) is refereeing a prediction market where there's more money at stake on its outcome than the lifetime salaries of the judges, that's precisely the kind of situation in which retirement attacks are most likely.
[/quote]

This is the same concerns brought to light about all proof of stake coins.  If you skim the bitsharestalk forums, its discussed there also.  Yes, theoretically purchasing 51% percent would make this possible. 
But no it would seem you cannot buy up all the TRU that you want.  Your restricted by the scarce supply of votecoins and the subjective value holders of those votecoins. IF the original distribution of votecoins is dispersed widely enough, can you purchase all 51%?  There will always be a large collection of holders who will not be selling, preventing anyone from achieving 51%.  And because you have not guarantee of acheving 51% stake, all it would do would drive up the price of the votecoins.  Votecoin squatters who rely on the income stream to pay for their bills and provisions may not give it up so easily.
You would either drive up the price so much:
1) You would bankrupt yourself first trying to achieve 51%
or
2) The expected gains of 51% from fixing a $30MM PM would immediately start diminishing rapidly the closer you get to 51%, until the votecoins are more expensive then gaming the market. 


Let's say you had enough money to buy every home in Boston at the current market rate, and you started with the East side of the city.  You started buying every home there.  Some people have been living there for years, and don't want to sell at the current market rate (value is subjective) and you have to pay 10% above the appraisal.  Neighbors would find out and immediately, the surrounding neighbors prices would drive up, and people would start holding out, seeing that historically prices have been going up.  Other speculators will come in and start buying up land at astronomical levels since they are attracted by the unbelievable returns-- thus thrwarting your mission to buyout all of Boston.  You find in your self driven asset bubble, you've attracted competitors which was opposite of your original intent to gain a 51% majority.  The only way you could buy up all the property in Boston is if you had an unlimited supply of money or had the ability to confiscate property and fix prices (imminent domain), eg. if you were the government.  Otherwise you would have to believe that half of all holders will give up their stake in votecoins. 


psztorc

I don't feel that it is a problem that you can buy/sell Truth, quite the contrary (as it creates opportunity cost, etc). Is it not cheaper to "buy Truth" in an Orisi oracle? The costs of pretending to be multiple people are almost zero in a technical sense, and only moderate in a psychological sense.

People can be hacked, or have disgruntled employees (or SAY they've been hacked/etc.) I think a nice, transparent, literal cost of X-USD-worth-of-something is just better.
Nullius In Verba

psztorc

Intro
I did have a separate idea for the 51% attack, that I've been thinking over for a few weeks now.

(That makes it kind of a new / untrustworthy idea, so feel free to take out your biggest criticism guns).

Model
In the real world, when people disagree, or fail to reach consensus, they don't usually just run with whatever the 51% of the group believed. Instead, they avoid drawing a conclusion altogether ("we couldn't decide", "let's continue this debate later", "more study is needed", "hung jury").

Conditional on the eventual resolution being accurate (and that's an important assumption), it doesn't really cost traders anything to wait (only the so-called risk-free-rate). However, attackers are slightly different: conditional on their inaccurate outcome being selected, they wouldn't mind waiting either (that part's the same), but they need to actively disturb the current equilibrium (of non-attack) in order to actually win. Their "conditional on" takes a little extra effort.

So we can make the actual resolution process "harder", because do-overs are fine but screwups (once permanent) are not.

Implementation
I've already, for testing/fun purposes, built in a parameter "Certainty" for each Decision, which represents the extent to which everyone is agreeing on that' Decision's outcome. One simple thing would be to aggregate that parameter into "Global/Average Certainty", and if that value isn't high enough (say 75%), simply a] refuse to do anything, and b] redo those Decisions next Voting Period.

In this case one would need 75% to successfully attack the network, but only 25% to freeze it for one period.

Defrosting
To address that, we could do nothing (RBCR will suck away their coins if they're in a dissenting minority [and this is how we treat people who propose weird ideas: sudden pause to consider their point of view, then a fall in interest in that person's opinion]). Of course, RBCR would stop freezes, but it would also guarantee that someone with 51% would eventually own 75% (as they would "profit" from RBCR). Then they would have the 75% they need.

Instead, we could allow RBCR in do-over-rounds, and return to an older idea I had: slowly walking that parameter "Minimum Global Certainty" down. It could perhaps start at .90, remain there if unused, but if a "do-over" were triggered, it could be 85% the next month (for those Decision which are a month overdue), then 80% (for those two months overdue), an on until a completely "non-do-over" Voting Round.

It probably wouldn't be more work for Voters...their client could just save their previous Ballot.

Results?- Warning: Confirmation Bias / Ad Hoc Thinking Ahead -
So there would be no permanent way of freezing the network, only a temporary way, making it not really an attack-vector. Even with 55% of the network, an attacker would have to wait the entire 8 months to successfully attack. Meanwhile, the price of these Votecoins would collapse (as failure is perceived...the attacker gets the worst [lowest] price if he waits to complete the attack, or the attacker himself tries to sell and the attack accidentally fixes itself).

Hopefully you will all look critically at this idea.

Good + Crazy = ?
Another idea, the NashX idea, is to just destroy all Trader's money if the network fails to agree (Global Certainty between .4 and .6). This has the drawback of being insane, but it is very incentive-compatible. You would not 51% attack such a network (buy up 40-60% of the Votecoins solely to gain nothing).

People don't usually like this because they intuitively perceive something called the "trembling hand" (accidental / irrational / forward-induction-threat-credibility-building-rational destruction of their entire payout). I don't think the trembling hand is as relevant here, as we can make it costly and complicated to trigger, with multiple people needing to make costly mistakes.
Nullius In Verba

axismoto

Quote from: psztorc on June 19, 2014, 07:46:00 PM

Good + Crazy = ?
Another idea, the NashX idea, is to just destroy all Trader's money if the network fails to agree (Global Certainty between .4 and .6). This has the drawback of being insane, but it is very incentive-compatible. You would not 51% attack such a network (buy up 40-60% of the Votecoins solely to gain nothing).

People don't usually like this because they intuitively perceive something called the "trembling hand" (accidental / irrational / forward-induction-threat-credibility-building-rational destruction of their entire payout). I don't think the trembling hand is as relevant here, as we can make it costly and complicated to trigger, with multiple people needing to make costly mistakes.

How would that solve anything?-- According to your definition Global Certainty is a aggregate average of all decision contracts.  A attack could just vote correctly for 99% of all decision contracts to make Global Certainity at 99%, but vote against one decision contract-- the Hillary Election 2016 that has millions on the line. 

Would it be better to refine this-- Global Uncertanty Penalty for specific contracts.  Only top 5% (or something else) Decision Contracts by truthcoin market value would be subjected to this penalty.  Where if a contract represents greater than 5% in value out of all those in the period and network fails to agree on its particular outcome, then the money in that decision contract would get destroyed.  So instead of destroy the trades of all decision contracts-- you would be destroying the one contract.

zack

I really like the idea of getting rid of expiration dates on decisions.
It is easy to measure time by blocks in a blockchain, but it is really hard to use 24-hours a day time that humans experience.
If you try to connect time to the block verification, each computer says a slightly different time, and it gives lots of forking opportunities.

Say the time is actually 12:13:43.5, but truthcoin nodes around the world are in a range between 12:13:42 and 12:13:45.
An attacker could make a block which is valid to everyone later than 12:13:44, and fork the network into two chains. The attacker could spend large sums of money in the smaller chain, knowing that he still has the money in the longer chain. This is a type of double-spend attack.

I don't understand what "RBCR" means.

psztorc

Quote from: zack on June 19, 2014, 11:58:21 PM
I really like the idea of getting rid of expiration dates on decisions.
It is easy to measure time by blocks in a blockchain, but it is really hard to use 24-hours a day time that humans experience.
If you try to connect time to the block verification, each computer says a slightly different time, and it gives lots of forking opportunities.
Doesn't Bitcoin's method work pretty well? It doesn't have to be perfect, but I thought Bitcoin was never off by more than a few minutes.

Quote from: zack on June 19, 2014, 11:58:21 PM
I don't understand what "RBCR" means.
That's reputation-based coin redistribution from the whitepaper, the essential incentive part.
Nullius In Verba

psztorc

I've been thinking a lot about this and have lots of new ideas.

Each new idea adds ad hoc-ness and complexity, but in 6 months of gathering feedback this is only the second time I've even considered changing anything (the first change was to add functionality, and did not address a design-problem).

So I think, on balance, its still going well.

The sketch of the idea is, as before, to model this on the way regular people converge on 'truth'. If a group gets "51% attacked" in the real world, other groups think of 'that group' as strange.

So if a branch becomes and stays frozen, I was thinking we'd have everyone vote (in the same SVD way) on which of say, the top 10 groups is least accurate, and penalize them. This would unfreeze the branch in a much-harder-to-attack-way.

To avoid confusion / Sybil, I think instead of Votecoins voting in this special instance, the actual Truthcoins would (have the option to) vote. No penalty for not-Voting. Perhaps the branch could float a fidelity bond (or even bet, a 'meta-PM') on the outcome to give people an incentive to weigh in.

I expect that, if we tested this and got it to work, it would never need to be used, except on very small branches where its more than possible that no one would ever care enough to try to unfreeze. Obviously one always wants to only be on the healthiest branch possible.

So, one would need 80% or so to attack, but only 20% to freeze. However, one cannot freeze for more than (say) 3 months, without triggering the MetaVote. Traders only suffer at the risk-free rate (assuming that there really is no risk that the MetaVote will go wrong).

The MetaVote will NOT go wrong, as it is super-costly to attack, and what's more (!), the miners might (at this point) conspire to prevent a malicious MetaVote block from ever going forward.

Sorry that this post may seem rambling, I have a lot to do today.
Nullius In Verba

kolinko

What if attacker does the following:

- puts a ton of TruthCoins on the main branch by betting all the possible outcomes of an event X - therefore losing only the fees
- then triggers a MetaVote by freezing any one of the branches?

In other words - doesn't MetaVote mechanism provide even a simpler way of attacking? The only cost would be the fees for betting all the possible outcomes of an event X, and 20% of VoteCoins. And of course a cost of freezing the capital within TruthCoins for a long enough time.

Bringing external inputs to smart contracts - Orisi.org / distributed oracles .

psztorc

Welcome to the forum.  8)

You're pretty confused, I think.
Quote from: kolinko on June 23, 2014, 10:21:41 PM
- puts a ton of TruthCoins on the main branch by betting all the possible outcomes of an event X - therefore losing only the fees
You don't "put" coins on a branch. Branches are just created at a point in time, and exist.

Quote from: kolinko on June 23, 2014, 10:21:41 PM

- then triggers a MetaVote by freezing any one of the branches?
You need 20 or 30 percent of the branch's Votecoins to do that, but sure.

Maybe I mis-explained something. As I said on reddit, I didn't really publish everything I have, its not my style to just write things down without editing them.

But I guess now you've got me doing that again, so here goes:

General Truthcoin Strategy: Info-search costs decrease with time. Funds can be 'locked' for a period of time. Use time as a differential, and mimic existing truth-finding behavior whenever possible.

1] Run svd-consensus function.
2] Were Decisions near-unanimous? If any Decisions weren't (at least x=25% disagreed), pull them out and re-run svd, punishing any slight-non-conformists (exactly as before).
3] With the 'Disputed Decisions', have everyone vote again next Voting Period.
4] If the Disputed Decisions fail to resolve y=3 times, place them into a special "global vote matrix" (instead of "branch", you might call it the global "tree", or root or something).

So far this is pretty basic stuff, with someone needing 1-x = 75% of the branch Votecoins to attack, and only x=25% of them to "freeze" the Decisions (ie prevent their Markets from ending).

5] The 'global vote matrix' from 4 fills up with at least z=10 Disputed-Decisions, and then triggers a special 'global svd-consensus'.

(Still very basic, but pay attention to this next part).

6] The 'global svd' is different in that anyone with usable Truthcoin (ie cash only / coins that have NOT been traded for shares in a Market) can vote in them using their Truthcoins as a kind of special Votecoin. They suffer the svd-consensus process based purely on Schelling salience. There is no RBCR, just a proportional split of a single payout. To satisfy the coordination-game requirements, any consensus would net the voters the same payout: w=5% of the outstanding share value of all Markets (currently frozen for this 'audit'). However, the people voting in this process are necessarily third-parties (anyone standing to gain or lose has their money trapped in a Disputed Market, and can't vote).

7] The global svd cashes out those who voted, using this w=5% pool. The winning traders not only get back what they're entitled, but all of the loser's money.

(Regardless of what happens above):

8] If they haven't already (and if there aren't too many existing Decisions on the existing branch to discourage this) people start a new branch, cloning the ownership for all the honest voters, and firing completely all of the attackers. New voters attempt to demonstrate that they won't sell to any more crazies.

Even if someone bought up 75% of a branch, people could stop trading on it, and clone the 25% unpurchased part. We'd lose the existing Decisions (which would suck), but the attacker would get nothing. Branching lets me cheat out of many criticisms through competition and entrepreneurship. However, I don't consider my idea to be successful if the trust-creation is done on a large scale by branches, which is why I sketched out that patch above.

Does this makes sense?

Thanks for helping to improve the idea! I think I am learning more from this discussion than from anyone else (XCP, BTS, MSC, etc).
Nullius In Verba

LimLims

Perhaps I misunderstand the dynamics at play here, but if someone successfully manipulated an outcome with 51% of voting power, what would stop them also manipulating the vote for which of top 10 were least accurate?

kolinko

QuoteYou don't "put" [TruthCoins] on a branch. Branches are just created at a point in time, and exist.

Perhaps this is a point I don't understand something. I assume the branch runs on TruthCoins, but there is a way of pegging them to Bitcoin via the replicating portfolio method you mentioned. Or I can just buy enough TruthCoins on the main branch, and then sell them once I used them to destroy another branch.

BTW I may be misunderstanding the whole concept of replicating portfolio you mentioned.
Let's say that it's very early and the market depth for TruthCoins is 5BTC (so, I can buy TruthCoins for 5BTC without significantly changing the price and losing a ton of money on spread, when I want to sell TC back for BTC after the bet finalizes). Is there a way for me to make a bet for 10BTC? I get a feeling that the replicating portfolio mechanism would break, and I'd lose too much money on various spreads, but perhaps I'm wrong?

The reason I'm asking, and really the reason I launched the whole Orisi was that I wanted to create a bitcoin wallet that guarantees that would be denominated in dollars. I wanted to secure it through the term contracts, but after analysing TruthCoin I was afraid that someone would destroy the business by 51% attack, or - if a soft peg was used - once my wallet happened to dominate a branch of TruthCoin, the peg would break away.

QuoteHowever, the people voting in this process are necessarily third-parties

It's different money voting, but it may be the same people. Doesn't the point 6 fall apart here?
0) Let's assume the weak branch has a market cap of 1kBTC
1) I make bets for an equivalent of 1kBTC on a weak branch
2) I buy 25% of VoteCoins on a weak branch, paying 250BTC and use them to lock that branch
3) Once the branch is locked, I create an assurance contract to buy 51% of TruthCoins on the main branch. This costs me who cares how many Bitcoins.
4) If the contract ends successfully, I swing the vote on the weak branch. I sell the TruthCoins.
5) I lose all my VoteCoins' value as people abandon the branch, but I gain 1kBTC from winning the bets.

Also, how will the system react if it's the main branch that is being attacked?

By the way. I know that an attack using 100kBTC, or even 10kBTC is very unlikely, and if TruthCoin gets to that size, it should be stable enough. But what I'm arguing really is that those attacks may keep happening with smaller market caps (10-100BTC).

QuoteEven if someone bought up 75% of a branch, people could stop trading on it, and clone the 25% unpurchased part
My instinct is that cloning a branch would cause problems with TruthCoin valuation, or with soft pegging / replicating portfolio. If I have X bitcoins' equivalent on a branch, and it gets cloned (forked?). Do I maintain X bitcoins' equivalent on both branches? I must either misunderstand the way cloning works, or the pegging mechanism you mentioned works.

If your defence is that in case of trouble community will strip away the attacker of TruthCoins or VoteCoins by performing a clone/branch fork, doesn't that mean that I'm really trusting the community, and not the system?

QuoteThanks for helping to improve the idea! I think I am learning more from this discussion than from anyone else (XCP, BTS, MSC, etc).

Thanks for providing all the answers :) And sorry if some of the questions seem ignorant - I'm an entrepreneur, not an economist or a stock trader, but I try hard to understand all the terminology and concepts.
Bringing external inputs to smart contracts - Orisi.org / distributed oracles .

psztorc

Quote from: LimLims on June 24, 2014, 04:58:05 AM
Perhaps I misunderstand the dynamics at play here, but if someone successfully manipulated an outcome with 51% of voting power, what would stop them also manipulating the vote for which of top 10 were least accurate?
Quote from: kolinko on June 24, 2014, 10:24:27 AM
3) Once the branch is locked, I create an assurance contract to buy 51% of TruthCoins on the main branch. This costs me who cares how many Bitcoins.
To answer both questions, by definition this would cost you 51% of the total Bitcoins (to guarantee this). Although in this world we have renamed Bitcoin to Truthcoin. (I agree that the naming is now FUBAR for anyone who takes a two week vacation from the forum).

Quote from: kolinko on June 24, 2014, 10:24:27 AM
Perhaps this is a point I don't understand something.
We are theorizing Truthcoin as a side-chain or as an airdropped Bitcoin replacement (what someone on reddit called an 'alt-ledger'). So, either way, Truthcoin would have the same market cap as Bitcoin, or the largest Ethercurrency (or however they decide to organize their digital scarcity).

Quote from: kolinko on June 24, 2014, 10:24:27 AM
It's different money voting, but it may be the same people.
I'm sure this must sound strange, but I actually don't see a difference (incentive-wise). People do 'mental accounting' all the time ("I'm so glad I won that $250 today because I just got a $200 parking ticket!", etc).

Quote from: kolinko on June 24, 2014, 10:24:27 AM
If your defense is that in case of trouble community will strip away the attacker of TruthCoins or VoteCoins by performing a clone/branch fork, doesn't that mean that I'm really trusting the community, and not the system?
I agree with you that it is not an acceptable defense, which is why I wrote: "However, I don't consider my idea to be successful if the trust-creation is done on a large scale by branches, which is why I sketched out that patch above." But I did want to mention that there is an entrepreneurial human-governed problem-solving apparatus in the branches. They are each like competing firms. Again, I agree that saying "Let the bad firms die, rah competition, etc." is not good enough, which is why I sketched out that global audit.
Nullius In Verba

kolinko

QuoteTo answer both questions, by definition this would cost you 51% of the total Bitcoins (to guarantee this).

By "total", you mean half of the bitcoins already in existence? If so, I definitely have a problem understanding how the pegging is supposed to work.

QuoteWe are theorizing Truthcoin as a side-chain or as an airdropped Bitcoin replacement (what someone on reddit called an 'alt-ledger'). So, either way, Truthcoin would have the same market cap as Bitcoin, or the largest Ethercurrency (or however they decide to organize their digital scarcity).

As for side-chains - you know that one of the core developers recently proposed that the idea be dumped in favour of distributed oracles, right? http://gavintech.blogspot.com/2014/06/bit-thereum.html. As for alt-ledgers / airdropped Bitcoin replacements - any place I can find more info? I probably know the technique, but under a different name...

QuotePeople do 'mental accounting' all the time
Attackers don't do that. They do real accounting. ("I can burn this ten dollars if it helps me to earn a hundred somewhere else.") But I'm nitpicking here.

QuoteI agree with you that it is not an acceptable defense
To be frank, I don't think that 51% percent attack will actually cause problems, because in practice - at least in the main branch - 51% will be owned by people who will not be willing to sell it for any price. Just like in Bitcoin i trust early adopters to not dump 100kBTC during one day.

But the real issue is that pegging mechanism really. That's where I started the discussion on Reddit. With bitcoin sidechains in the freezer, I see no roadmap for betting in BTC using Truthcoin. Perhaps that's because I don't know what that alt-ledger is, or replicating portfolio really - but I don't understand how this can interact with Bitcoin if my business' bets were to be a large part of TruthCoin traffic. I'm probably venturing off the thread's topic here, sorry about that.
Bringing external inputs to smart contracts - Orisi.org / distributed oracles .

psztorc

Yes.

Imagine that Truthcoin replaced Bitcoin. How could this possibly happen? First, assume that by some miracle, the software not only works as designed, but several leading experts have expressed the opinion that it will continue to do so. Secondly, assume that I just gave away the entire monetary base. Anyone who owns 13.4 BTC at date X, now owns 13.4 BTC and 13.4 Truthcoin. Same mining, same everything. This can be done by taking a snapshot of the unspent outputs set. See Bitshares where they talk about this endlessly.

That was a replacement for Ethereum, not side chains! Quite different. YOU know that I commented there, and on this forum about the idea? :)

Yes, but rational attackers may also think "lets not throw good money after bad", "I've already burned 10 dollars, should I risk this new 100 dollars?".

Yes, we don't know the private valuations of the owners. We only know that they are HIGHER than the current market price (at a single given point in time). The owners (or potential owners) might all react in the same or different ways to new information, its all very volatile.

Sidechains would be nice, no doubt.
Nullius In Verba