Shelby Moore
Dec 22, 2016 · 3 min read

I intended the criticism about PoW being a power vacuum to be orthogonal to discussion about synchronization issues. I agree that you didn’t claim improvement in the economics of centralization of blockchains other than the elimination of propagation synchronization for lower hashrate miners. It isn’t a flaw in the claims of your paper. Apologies if that wasn’t clear to readers. I wanted to register that point, because although afaik no consensus ordering design has ameliorated that issue, I do hope to posit such a design; thus I register the distinction.

If you combine my other statement with the one you’ve quoted in your response:

But how can all the nodes synchronize on a UTXO set if they are not synchronizing on a single longest-chain? In the presence of double-spends, the resolution is probabilistic thus nodes could disagree as to the valid UTXO set. Or do nodes allow downstream transactions for all the conflicting double-spends? I am envisioning this could become a mess of downstream transaction spaghetti which is in essence is inflating the money supply. The system continues to track and allow transacting of all double-spend forks, thus both are money.

Your ChkRobustAccept is probabilistic. Thus the accepted set is never 100% final, only (hopefully but there are theoretical exceptions if your chain is not the dominant one in the world) asymptotic.

Thus the mining nodes can’t be entrusted to agree on which UTXO is accepted. This problem is avoided with Satoshi’s single longest chain (where all others are orphaned) because the miners declare their agreement to mine on the longest chain. But your design doesn’t require the miners to declare their synchronized agreement on a UTXO. Thus afaics the miners can’t make decisions whatsoever about which of a conflicting transactions is the valid one. Thus afaics, the miners must maintain UTXO for all conflicting transactions and their downstream derivative transactions. Thus afaics all conflicting transactions become “valid” in the sense that they are all recorded in the blockchain (and thus participants are free to assign value to these conflicting transactions in the free markets). Thus doesn’t this impact fungibility? Fungibility becomes probabilistic.

I haven’t tried yet to dig into specifically how this probabilistic ambiguity impacts difficulty retargeting, but I did intuitively expect to find a vulnerability or flaw when I have time to do so. I have always thought that rewarded PoW and a DAG were incompatible because of the difficulty retargeting issue. Perhaps my intuition is wrong and your δ factor compensates for the probabilistic ambiguity. Need to study and think about this more.

Btw, I conceptually (without working out the proof of consistency for the accepted set) conceived of your design in late 2015 or early 2016 (after studying Iota) and I dismissed pursuing it for these reasons.

I apologize I don’t have a more mathematical proof of my criticisms. I am trying to share my conceptual thoughts off-the-top-of-my-head, not really having the free time at the moment to dig into proofs.

So I agree I have not proved a flaw in the claims of your paper. If you find my sharing my conceptual thoughts to be not constructive, then I think that is unfortunate. I think it is possible to share ideas before digging into proofs. But since you’ve published in an academic context, I do want to make it clear that I have not proved any flaws in your paper. I hope that helps to clarify for readers. Perhaps I or someone else will put some more time into this soon.

Perhaps consider my comments as ideas for future work.

    Shelby Moore

    Written by