Reputational Enhanced Delegated Proof-of-Stake (REDPOS)steemCreated with Sketch.

in #blockchain5 years ago (edited)

Before you continue reading this post, I recommend you to be sure to read:

The History of Delegated Proof-of-Stake (DPOS) by @blocktrades
In the Beginning, There Was DPoS by @theoretical
XRP/Ripple Summary by @joelkatz
The Ripple Protocol Consensus Algorithm (original whitepaper)
Understanding Proof of Stake: The Nothing at Stake Theory
What is Steemit reputation and how does it work? by @arcange

Consensus Ideology: "Benevolent Dictator" vs. "Proof-of-stake (POS)"

Let's define the "Benevolent Dictator" as a centralized entity that has total control over a group of block producers in a way that it can control that blockchain without provably risk of being replaced by another entity.

Back in 2012 when the Ripple (then Open Coin Inc) protocol was launched as a cryptocurrency related project, the company itself acted as a Benevolent Dictator. Each node contributing to the ripple ledger was operated by Ripple aka Benevolent Dictator.

However from its inception, a plan was set to decentralize the network resorting to the Unique Node List (UNL) maintained by each server. Only the votes of other members of the UNL are considered when determining consensus. So if the UNL consists of only Ripple controlled servers, then the ledger is centralized.

The idea behind the "benevolent dictator" on its inception is that there is no point (for that dictator) in destroying value as at that point of the history of the network is a "to be created" status. Before taking advantage of any amount of "value", it must be created.

On classic Proof-of-stake it is suspected that an attack could cost as little as purchasing only 1% of the stake in the network. If disrupting consensus theoreticaly costs only 1% (in PoW an attacker needs 51%), then any malevolant participant could jeopardize it.

Consensus Improvements

* Replacing the "Benevolent Dictator" with a group of “trustees”

There is no point in having a network of servers resorting to a UNL if all servers are run by the same entity. If you want a real decentralized network, those servers should be operated by independent entities, the group of "trustees". The Unique Node List, is just the list of trusted nodes for each server.

The "Benevolent Dictator" however controls the process of decentralization by means of a gradual transfer of power. It shuts down one server at a time and the "trusted independent entity" is added to the UNL as a replacement. So the influence of the "Benevolent Dictator" in conforming the decentralized UNL is similar to the STEEM ninjamined stake (or in general any "nijamined stake").

* Delegated Proof of Stake

"DPOS was essentially a synthesis of these two ideas, combined with a twist: instead of large stake holders directly producing the blocks, the stake holders would elect the block producers to make the blocks."- @blocktrades

In my opinion, DPOS is a synthesis of Consensus in its "Benevolent Dictator" stage and POS. That synthesis opened the door to the appearance of Dictator (either "benevolent" or "malevolent").

The Justin Sun attack on DPOS

Thats the current situation for Steem. A "Malevolent Dictator" managed to disrupt STEEM by controlling enough witnesses. Benevolent witnesses in turn soft-forked the network in a way that resembles the UNL ideology. But since DPOS is a trustless protocol, the "Malevolent Dictator" managed to reinclude himself on the network by means of Steem Power.

Beyond DPOS: Reputational Enhanced Delegated Proof-of-Stake (REDPOS)

image.png

Image Credits: Willyam Bradberry/Shutterstock

As STEEM is a social blockchain, there are certain human attributes and values that need time to develop. According to @blocktrades STEEM's reputation system was developed as a quick bandaid for spam problems that needs to be improved by a reputation system that really works.

Lets for a moment imagine that a reputation system that really works is already implemented on a DPOS blockhain.

The next logical move is to include that reputation score in the witness electoral process. Such a system is no longer a Delegated Proof-of-Stake blockchain.

Let's simplify the idea:

DPOS: Voting Power --> witness rank

So its a voting power competition. On STEEM the first 20 witnesses "win" the competition and are the equivalent of the UNL on Ripple consensus (a sort of "reputation" list).

Why not enhancing the protocol by taking into account the "reputation" of each witness (providing is a reputation system that really works). Thats what I describe as a new synthesis of consensus ideology.

REDPOS: Voting Power * Reputation --> witness rank

That's how you could avoid 30 newly created suckpuppet witnesses with a #25 REP taking control of a 4 year old blockchain.

STEEM not only needs a fork but it needs a protocol enhancement, a REDPOS as the natural evolution over DPOS. Afterall, it's a social blockchain.

#steem #witness #dpos #redpos #tron #ripple

Sort:  

"...a reputation system that really works..."

There's the rub. It's difficult to imagine a reputation system that actually works. The current Steem reputation system is demonstrably not it. You can just buy phat votes that will jack your rep on Steem presently.

Think about how rep works in the real world. There are folks you admire, and whose opinions you value highly. They have high rep to you, but who knows what their rep is to others? Not you, unless you know those others and discuss that topic, and they actually tell you the truth.

Rep is a highly complex and utterly subjective mechanism in the real world, and that's why it has value. Trying to make something similar has proved difficult on social media, athough UA seems to have done the best of any attempt I am aware of.

The fact is that I do not share your opinion of User X, and I don't want to. If I do value your opinion, I might assign it some ability to indicate how much I'll respect someone else - but only to some degree, and that is going to vary from person to person, on both ends.

How that might impact witness elections is just as variable.

Personally, I reckon the age of representatives is ending. It's time for liquid democracy without representatives; for users that are nodes and do the governing themselves. AI will be more necessary for we noobish plebs to be able to set price feeds, as an example of one such variable, but that's only necessary if we have multiple tokens, which isn't particularly necessary TBQH.

A stripped down code that can run on obsolete boxes with users sharing the data via torrents can eliminate hosting costs, nodes otherwise, and be actually distributed and utterly decentralized, and after seeing Steem, that's what I reckon we need. There's a million ways to share beneficial interest, and a token isn't a necessity. Dapps that add tokens, different types of content, and etc., can supply nodes and bandwidth along with the content,and users can add them to their stack if they want.

I expect an actually functional reputation system will be more difficult than almost any other aspect of a social media platform because of subjectivity, and the difficulty of making that useful.

Thanks!

First, thanks for your opinion @valued-customer , I felt this post was just too large as a comment at The History of Delegated Proof-of-Stake

I think, every system can be attacked (51% attack on PoW, etc, etc). Regarding REP what I find interesting is that it doesn't have any witness power value at the moment and it is part of the system for some time now. That is an advantage in my opinion. Outsiders can't just create REP in a minute and take the whole chain (like Justin Sun suckpuppets did). If STEEM had a REDPOS protocol, he would at least needed to start a "stealth" attack first (create the suckpuppets and "work" on them to adquire enough REP to guarantee a good witness rank).

Also, in my opinion, a good REP system, should take the account age as parameter too. That's the advantage of a 4 year old blockchain (you can't implement such a thing from day 0, but we are not on day 0). Why would a "baby" represent "adult members" of the chain?

The chain is only 4 years old I know, but it is still better than 0. Maybe if the chain was 40 years old, should ask for a 10 year experience as parameter to become witness. If the chain is 4 years old, at least 2 years. Something like that, the idea is that you need to hang around some (significative) time to become a witness on the chain.

For a social oriented blockchain, I see the "REDPOS" concept as better than "DPOS".

After all when STEEM started it was announced as "experimental POW" with a 1st failed attempt:

[ANN][STEEM][POW] - An experimental Proof of Work blockchain

and here the "good" one:

[ANN][STEEM][POW] - NO IPO | NO PREMINE | NO INSTAMINE (relaunch)

So for a REDPOS deployment, the advantage is that witnesses didn't know their REP would be used, we could argue that they were "mining their REP" during 4 years.

There's the rub. It's difficult to imagine a reputation system that actually works.

StackOverflow

@krischik StackOverflow is a very specific niche community, so its peers evaluating eachother (a sort of qualified vote.

On an universal social blockchain, you have people interested on arts affecting people interested on tech, mutually contributing to the reputation. Maybe that's the reason why a reputation system for a universal social blockchain is quite a problem. @blocktrades is working on such a system, but I suspect is a higher level of complexity than using models that work on specific subject oriented communities.

You're putting on your blockchain designer hats. This is exactly the sort of discussion I like to see.

Thanks you for your kind words @theoretical!

"Outsiders can't just create REP in a minute and take the whole chain (like Justin Sun suckpuppets did). If STEEM had a REDPOS protocol, he would at least needed to start a "stealth" attack first (create the suckpuppets and "work" on them to adquire enough REP to guarantee a good witness rank)."

Actually, with the stake Sun has, he could quickly buy the highest rep on the platform from vote sellers, in only a day or two. At least the way Steem rep is now.

The account age is also not foolproof, although it's better. I just found an acount this last week that has been here since 2016 but made it's first comment that day. They've been delegating to bots during their entire tenure on Steem, but not socializing at all.

While this is an outlier account, and it's pretty hard to imagine anyone setting up an account and waiting for years for it to be usable for some kind of illicit attack on governance, I also know of users that have claimed to have ~10k accounts, and presumably have simply been adding accounts since they got here, and got here early. I am pretty sure there are a lot of users with a lot of accounts, although 10k is, again, an outlier.

Because there are so many of these 'pre-aged' accounts, I don't think account age is a functional rep mechanism we can count on much either, although it might be very useful to look at account youth with suspicion instead.

I do appreciate your interesting ideas, and don't want to discourage you from having good ideas, but do think the criticisms I've brought to your attention should prompt you to think more, and have even better ideas. One of the problems with society is how rep works IRL, and that's why we get such shitty politicians in office.

Pretty sure I don't want the same combination of self-aggrandizing psychopaths with piles of money buying their way to power over Steem. Oh wait..

Anyway, I hope I didn't communicate that I have no interest or respect for this concept. I do think it's incomplete as I have understood it. I do think it can be better than DPoS, at least the bungled interpretation of DPoS we have atm, but I think rep needs to be improved before it can be used to decentralize governance in the way you want to use it.

Thanks!

Thanks for your contribution @valued-customer! For REP I mean "a better REP system" (i.e. as @blocktrades is working on). Also a REDPOS uses a combination of human activity related parameters.

You could let an account "age", but then again, it's just one parameter. For it to have a REP greater than 25, that account needs to have some sort of activity. It needs to be "worked".

So such an attack costs more and is harder to execute than the current attack going on STEEM. I'm just proposing a definition of what a REDPOS protocol would be, I'm not a coder. It relies on a well coded REP system, the current one has been defined as a "bandaid" arrangement.

So a REDPOS implemented with a better REP system should be stronger than a REDPOS implemented with a bad REP system.

"...such an attack costs more and is harder to execute than the current attack going on STEEM."

That's true, but I think the important question is whether it would be harder enough.

I am not familiar with @blocktrades efforts to improve rep. It definitely needs improvement IMHO. However, as I pointed out, IRL rep is highly subjective and individual, and that's most of why it's useful. I don't see some kind of standardized rep that's calculable as emulating that utility.

Thanks again.

I think we should not shy away from the subjective nature of it. Nobody is expected to get along with everyone. That is how it should be on here.

In a shameless shilling of my own ideas, I posted my take and proposed solution on rep a couple of days ago. It's on my blog if you'd like to voice your opinion.

In the end,I think it will take a number of different systems which conclude on rep in different ways. Having several points of views will allow dapps and users a better picture of who/what various accounts are.

Don't be shy about posting a link to your proposal, doing now for you: Steem Proposal - Account Rating System

From your proposal:

To put it another way, no belief or opinion is more valid than another. Therefore, such a system could not include stake as a variable.

I don't agree, stake related vote is a meassure that turns a sybil attack into a costly endeavour.

Also experience makes certain opinions more qualified than other ones.

It's not logic to put the same value on a witness with 0 year experience at the same level of a witness with 4 year experience. When you are looking for a job, that's an important item.

Agreed. It's about two different subjects:

A) Protocol philosophy. If REDPOS protocol is an improvement over DEPOS for a social blockchain.

B) If a specific implementation on a certain protocol is a better system than what exists today.

I strongly believe that REDPOS is a protocol philosophy that represents an evolution over DEPOS.

But I am no developer. It's out of my reach to produce such an implementation. It would need really good developers to produce a "NEWSTEEM on REDPOS". Just wishing some good ones, understand the need to evolve DPOS and maybe work on some REDPOS alike implementation.

Thoughts on a reputation system similar to Google's page ranking system? Users could have a place somewhere in their profile where they add links to other users that they consider trustworthy for governance. Someone with a high reputation adding a link to another user means that this second user's reputation increases. Whereas if a low-reputation user adds a link to another user, it doesn't make much difference.

How Google did it is that they manually picked a number of websites that they considered trustworthy and gave them a high reputation. And from there on, when those websites included links to other websites, then it increased those other websites' reputations. And so on it spread. We could replicate this process for user reputation. Reputation would basically be a score for "How trustworthy is this person when it comes to the governance of our platform?"

How Google did it is that they manually picked a number of websites that they considered trustworthy and gave them a high reputation.

Looks similar to how Ripple is decentralizing their validator nodes. Their UNL started as a 100% ripple nodes list, then they replaced one ripple server with a "trustworthy one" (on their own view) at a time, until the ripple owned servers became the minority of consensus.

Someone with a high reputation adding a link to another user means that this second user's reputation increases. Whereas if a low-reputation user adds a link to another user, it doesn't make much difference.

I like this idea, seems like the decentralized version of what Ripple or Google did. I see a good potential on that idea, if a good developer takes it.

I know @blocktrades is working on something, not sure if it's the same idea. Maybe other devs can chime in as well.

For the sake of STEEM's decentralization, this would be the best path to take. In all ends, the community-elected witnesses will ultimately decide the fate of the Blockchain. I believe they'll do the right thing in order to prevent any situations (like the the recent hostile takeover) from occurring again in the future. While this is my first post/comment, I've been into STEEM since its early days back in 2016. Things were a lot different back then, than what they are now. I hope that this dilemma would be put to an end once and for all to restore stability to the STEEM blockchain.

Things aside, your article/proposal was a great read. Thanks for sharing this with the STEEM community. STEEM ON!

Thank you @abiky! Let's push for an evolution of the DPOS protocol!

Great post and idea ! But as stated by others , finding the right reputation system is hard.
I really like the theory behind @steem-ua but there are some flaws : it's computationally heavy (iterations) , and they used witnesses ranking for initialization. Also I'm not sure if they made the code opensource or not at some point

Thank you @stoodkev! In my opinion "STEEM REDPOS" doesn't need to be theoretically perfect. Actually any protocol will have its flaws.

But "STEEM REDPOS" should just be better than "STEEM DPOS" to try it.

The STEEM community is an already 4 years old one. Time and experience is an human factor. If "REDPOS" was implemented on day 0 year 0, REP could have been heavily distorted by "evil" witnesses.

The fun fact, is that they didn't knew that they were "mining REP" for 4 years.

Also, "REP" is not the current STEEM REP, REP should be a better REP system as defined by @blocktrades

What community on the real world elects babies as representatives? You need to be at least 18 years old (or more), depending the community or even have been a steady resident before becoming an authority.

Likewise, STEEM is already 4 years old. Why not demand that a witness account is at least 2 years old?

If STEEM was a 40 years old chain, why not demand that a witness has at least a 10 year presence on the chain?

Ok, if STEEM was 100 years old, don't demand at least 50 years presence, but you can set a max cap (I don't know, 15 years).

So idealy a "REDPOS" should create "defense power" that emanates from experienced members of the chain.

Experience and residence time, is a factor of any community. That should be coded somewhere on a social chain governance.

I don't think the accounts'age should matter. A malevolent actor could buy old accounts and in the other hand a benevolent new actor with lots of experience should be able to witness.

Other than that I agree that rep could and should be better.

A malevolent actor could buy old accounts

I agree each parameter that constitutes a REP could be gamed. A malevolent actor could buy not just an old account but a "good REP" account, after analizing the REP system. In any case it is another level of defense for the social blockchain (compared to plain DPOS).

a benevolent new actor with lots of experience should be able to witness

I don't agree on this point. Here comes into consideration the "community" aspect of social blockchain. That benevolent actor could have lots of experience on other blockchains or even o other community oriented blockchains. But a representative is not the kind of position that is usually of global reach, a witness on a REDPOS would not be just an engineer.

An engineer is a global reach position. It doesn't matter if his previous job was on another company or even if that company was located on another country.

However, a community representative usually isn't "imported" or "exported". If he changes community, he needs to build trust. It's not that a Senator from "country A" then goes to "country B" and can be elected. We don't see that happening on the real world.

That's the reason why a newly created user can´t become witness from day one on a 4 years old chain.

It would be sort of a "conservative flavor" (towards the community) added to the protocol. In my opinion, a valid one.

As many others already pointed out, making an automatic assessment of reputation is extremely difficult. And that is not all, there is no guarantee that the account owner stays the same. Probably the easiest way to make a reputation system would be account age, capped at 2 years (Else it will get increasingly difficult to remove malicious witnesses in the worst case as well). Now, Justin Sun could just buy 20 accounts (sneaky) of people to do this. Not only that, Steemit Inc probably owns a whole fleet of "old" accounts they could've used for this.

Now, the more complex the reputation system gets the more difficult it will be for an attacker to take over. However, it also gets less democratic with each step. What happens if there is a witness the vast majority disagrees with but due its time on the chain its reputation is too high to remove it from the list of witnesses.

DPOS is not a democracy it's more like an anarchocapitalist experiment. Is not 1 person 1 vote (or 1 account 1 vote). It is based on ownership rights. The blockchain is a consortium of several SP owners, that designate administrators. The witnesses election process is just an extension of ownership mandate.

The problem with STEEM in particular, is that Steemit Inc.´s STEEM share has been designated as a special type of asset. At code level, SP from Steemit Inc. is the same as SP from John Doe. At social level it was agreed that those STEEM had no voting rights. A soft-fork was attempted in order to code the social agreement regarding that stake.

A REDPOS protocol should not turn a blockchain into a democracy, because if you completely erase the ownership concept, you destroy the value of each stake. However no consortium or human community would let a 0 years old or cero experienced person turn into an administrator.

With less democratic I meant "witnesses get more power the more reputation they have compared to the stakeholders without having any stake".

I agree that new accounts becoming an administrator is bad, the problem, as I pointed out, is that we cannot guarantee how long someone is on chain. We don't know if it is a real person and we don't know if its the same person either.

Yes account age is jut one parameter. A good REDPOS implementation would logically depend on a good REP system development as REP would be a key aspect of such a protocol.

What Justin Sun did to STEEM blockchain is a complex type of Sybil attack, using SP to vote from socially unauthorized sources (both the Steemit Inc. stake and the exchanges stakes were not supoused to vote). It's both democracy and ownership fraud (but ownership restrictions agreed by the human community were not coded).

If you buy an asset that comes with certain restrictions, you get a discount. If you then ignore those restrictions (because there is no code that can actually avoid you to ignore them), you create value in a fraudulent manner.

The aim of a REDPOS protocol should be that the witness designation process be less democratic so to avoid sophisticated sybil attacks.

I understand this. However, designing a good REP system is difficult, designing one that cannot be games even more difficult and designing one that cannot be gamed and users don't sell their accounts with REP is almost impossible.

And if you achieve it, making it SP * REP is probably not a good idea because it takes power away from the stakeholders.

thus, it would make more sense as a minimum safeguard to become a witness.
(Need REP > X to participate in consensus).

Maybe a good REDPOS implementation could use the account-age (or the entire REP) as a parameter affecting not only the eligibility of an account, but the voting power of every account.

If "NEWSTEEM" would run in such a REDPOS, then NEWSTEEM holders would increase or decrease their voting power not only by means of SP, but by means of SP affected by their own REP. Would not affect ownership rights, since it would be a known attribute of the NEWSTEEM asset class.

And "NEWSTEEM" witness candidates would get their rank affected not only by incoming votes, but by their REP.

I like the idea in general, but it would then result in Peer to Peer vote buying to increase your own REP.

Certainly parameters such as account-age wont be affected by peer to peer vote.

Also if REP value increases it should mean that an attack on sucha a chain would be more costly.

The cost calculation for the current hostile takeover was pretty simple. A good REDPOS implementation should turn a hostile takeover cost calculation into a more complex task.

Hive draft proposal for Reward Distibution and Voting Power.JPG
@blocktrades - please consider
It's just a draft. percentages can be played with. Food for thought

Good suggestion @atma.love Why do you consider that the "length of posts" should affect the reputation?

@argosolver. Thanks for your response. It's more about the length of comments (as opposed to posts) i suppose. I often see comments like "good content" and the like, multiple times from the same account. It appears to me they are just doing so to gain the rewards, as opposed

But i see i have that covered under rewards, so perhaps this is sufficient.

I think that on to decide upon this type of stuff, we really need a more organised way. I would really like to see Steem/Hive using the Matrix-8 Platform as their system of governance. This, imo, would have an enormous benefit. I encourage you to investigate: https://steempeak.com/hive-153630/@atma.love/some-links-about-matrix-8-platform-by-atma-love

Namaste

Ok @atma.love will investigate that 8-PAC Matrix.

This is a good starting point for exploring improvements. One advantage of DPOS is that you can tweak voting in an infinite number of ways. Besides user reputation, I'd like to take into account the witnesses' track record, i.e. how many blocks they've produced and which percentage they've missed. And while @steemchiller wants to stop witnesses from voting (which would be easily circumvented), I want to give them additional votes. E.g. the top 5 witnesses would co-opt 5 additional witnesses. This would be a way to appoint people who have proven themselves as experts, but aren't rich or popular.

I think experience has shown that a more conservative system would protect us from attackers. This could include a popular vote weighted by account age, account activity, reputation and a follower graph like @steem-ua. It would be difficult and expensive to fake all of those signals.

A good REDPOS implementation should manage to avoid this:

image.png

image.png

Those low reputation sockpuppets however are high "user authofirty" accounts. That's why we are emergency forking.

https://steem-ua.com/

Agree. Account-age is also a very powerfull parameter for a REP.

A good comparison!

I would love to read some open research. Unfortunately there are no scientific blockchain designers in the steem-ecosystem (I´m aware of, maybe there are?). I mean I wish them the best luck with trying things out but the big guys @ bitcoin and ethereum, cosmos, ... work with mathematical proofs. On steem it was like "hey look at us we have lots of SP hence our opinion is "right"..." , I mean they maintained the code and stuff which is great but there was no opensource-evidence based discussion going on.

They just need to prove collusion resistance with a game-theoretical model...

I mean dPOS is a consensus mechanism, the voting mechanism is not the consensus mechanism. Mathematically both are two distinct modules interacting. Like PoS is not a consensus mechanism. Proof-of-Stake schemes (like Proof-of-Work) are oracles, they don´t output consensus.

DPoS did well for Bitshares, so STEEM was built on a proven protocol, but it just doesn't suit well a for social blockchain. @blocktrades programed the current REP as a "bandaid".

An evolution of the protocol would be better option, but as you say, requires some research. Also the way STEEM has operated for 4 years, has generated some data as well, regarding human behavior. Some of that, should help as well.

I really welcome this idea!

Neat idea. I also think 1sp should equal 10 votes instead of 30.

Coin Marketplace

STEEM 0.20
TRX 0.25
JST 0.038
BTC 96907.08
ETH 3380.66
USDT 1.00
SBD 3.23