Aviv Zohar
Dec 22, 2016 · 1 min read

Thanks for your reply.

A comment about your main point here:

Your ChkRobustAccept is probabilistic. Thus the accepted set is never 100% final, only (hopefully but there are exceptions if your chain is not the dominant one in the world) asymptotic.

Thus the mining nodes can’t be entrusted to agree on which UTXO is accepted. This problem is avoided with Satoshi’s single longest chain (where all others are orphaned) because the miners declare their agreement to mine on the longest chain. But your design doesn’t require the miners to declare their synchronized agreement on a UTXO.

This is incorrect: Bitcoin’s longest chain rule is also probabilistic. An attacker always has a chance (which decreases exponentially) of creating a longer chain than that of the network. The exact same thing applies in SPECTRE.

In fact, a famous impossibility result (the FLP result) in distributed computing tells us that we cannot have a deterministic consensus protocol in an asynchronous network. You must break one of the assumptions there to have a working protocol.

See here: https://groups.csail.mit.edu/tds/papers/Lynch/jacm85.pdf

    Aviv Zohar

    Written by

    Prof. at The Hebrew U and Chief scientist @ QED-it