<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Yes, there are definitely improvements to be made in all blockchain styles, and there are tradeoff’s everywhere.<div class=""><br class=""></div><div class="">Tendermint’s tradeoff’s are at least:</div><div class=""><br class=""></div><div class="">- The blockchain could come to a halt (stop updating). Was this addressed?</div><div class="">- The blockchain is less permissionless because it is Proof-of-Stake, not Proof-of-Work, so it’s possible that an adversary could purchase perpetual ownership of the blockchain.</div><div class=""><br class=""></div><div class="">That’s not to say Tendermint isn’t an excellent blockchain with its own uses. People just need to be aware of the details in order to know, “Which blockchain is right for you?!” :-)</div><div class=""><br class=""></div><div class="">Cheers,</div><div class="">Greg</div><div class=""><div class="">
<br class="Apple-interchange-newline"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" class="">--</span><br style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" class="">Please do not email me anything that you are not comfortable also sharing</span><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" class=""> with the NSA.</span>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Sep 16, 2015, at 5:02 AM, Jae Kwon <<a href="mailto:jae@tendermint.com" class="">jae@tendermint.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">Blockchains should solve Zooko's triangle, but in reality none do yet. I believe that Tendermint has the potential to solve it for good, given its consensus algorithm design.</div><div class=""><br class=""></div>From <a href="http://tendermint.com/posts/cases-for-tendermint/" class="">http://tendermint.com/posts/cases-for-tendermint/</a><br class=""><div class=""><br class=""></div><div class=""><p style="margin: 0px 0px 1.8383em; padding: 0px; border: 0px; outline: 0px; font-size: 0.85em; vertical-align: baseline; line-height: 1.5625em; font-family: Georgia, serif; background-repeat: initial initial;" class="">With Bitcoin (and Namecoin), you can verify that “@satoshi” was registered with a particular public key at some point in the past, but you wouldn’t know whether the public key had since been updated without downloading the whole blockchain. This is because the presence of a name-registration transaction in the blockchain does not imply that later transactions hadn’t updated the value for that key. In order for you to efficiently check for the current value of a name, the blockchain should support a balanced Merkle tree on the most recent name-registry state. Even if Bitcoin/Namecoin did support such a data structure, you would still have to download and verify all the blockchain hashes and headers, and if the value might have been updated recently you’re still vulnerable to a fork-censorship attack.</p><p style="margin: 0px 0px 1.8383em; padding: 0px; border: 0px; outline: 0px; font-size: 0.85em; vertical-align: baseline; line-height: 1.5625em; font-family: Georgia, serif; background-repeat: initial initial;" class="">With Tendermint, all you need is the most recent blockhash signed by more than <span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:13.6px;vertical-align:baseline;background:transparent" class="">2</span>⁄<span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:13.6px;vertical-align:baseline;background:transparent" class="">3</span> of the validators, and a Merkle proof that proves the current value associated with the name “@satoshi”. You don’t even need to wait for a single commit. If you’re interested, see <a href="https://github.com/tendermint/tendermint/wiki/Merkle-Trees#iavl-tree" style="margin:0px;padding:0px;font-size:13.6px;vertical-align:baseline;text-decoration:none;color:rgb(27,147,184);background:transparent" class="">this link</a> for more information on our balanced binary Merkle tree implementation.</p><p style="margin: 0px 0px 1.8383em; padding: 0px; border: 0px; outline: 0px; font-size: 0.85em; vertical-align: baseline; line-height: 1.5625em; font-family: Georgia, serif; background-repeat: initial initial;" class="">In future posts I’ll go into detail about the consensus algorithm and how it can provide these unique speed & security guarantees without proof-of-work mining. For now, you can check the most recent Tendermint spec on the github wiki <a href="https://github.com/tendermint/tendermint/" style="margin:0px;padding:0px;font-size:13.6px;vertical-align:baseline;text-decoration:none;color:rgb(27,147,184);background:transparent" class="">here</a>.</p></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Tue, Sep 15, 2015 at 4:05 PM, Tao Effect <span dir="ltr" class=""><<a href="mailto:contact@taoeffect.com" target="_blank" class="">contact@taoeffect.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">While watching one of the Scaling Bitcoin talks I was reminded of this thread and wanted to add a note for accuracy about this “attack”:<div class=""><br class=""></div><div class="">It’s actually harder to pull off than I described. Both Namecoin and Blockstore (apparently) use two transactions per registration to virtually eliminate all possibility of this ever happening. The first transaction stakes claim to a name but does not reveal what it is. The second transaction must be sent some time later (in Namecoin, it’s recommended to wait 12 blocks), referencing the first and revealing what the actual key and value of the registration were.</div><div class=""><br class=""></div><div class="">Thus to pull off this “attack” it’s not enough to do a 24/7 MITM, you would also need to mine a fake blockchain by yourself continuously while waiting for someone to register a name. This is detectable because such a MITM would be unable to match the difficulty requirement of the main blockchain and thus would start producing an alternative blockchain that would show a dramatic decrease in difficulty (several orders of magnitude probably).</div><div class=""><br class=""></div><div class="">There’s really only one scenario that I can imagine this attack being pulled off, and that would be if the NSA/GCHQ were the #1 miner on the Namecoin network. All for the small possibility of catching you registering something and stealing it from you. lol. Heh, if that were to happen they would have 51%+ of the mining power and would probably choose to use their power in a more productive way.</div><div class=""><br class=""></div><div class="">Cheers,</div><div class="">Greg Slepak<br class=""><div class=""><span class=""><div class="">
<br class=""><span style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; float: none; display: inline !important;" class="">--</span><br style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" class=""><span style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; float: none; display: inline !important;" class="">Please do not email me anything that you are not comfortable also sharing</span><span style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; float: none; display: inline !important;" class=""> with the NSA.</span>
</div>
<br class=""></span><div class=""><blockquote type="cite" class=""><div class=""><div class="h5"><div class="">On Jul 23, 2015, at 6:22 PM, Tao Effect <<a href="mailto:contact@taoeffect.com" target="_blank" class="">contact@taoeffect.com</a>> wrote:</div><br class=""></div></div><div class=""><div class=""><div class="h5"><div style="word-wrap:break-word" class=""><div class=""><blockquote type="cite" class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><div class="">I've just demonstrated how an attacker can perform a man-in-the-middle attack which lets them publish a malicious key under a name that the victim assumes is theirs. You don't care?</div><div class="">An attacker who can mine a Namecoin fork in Alice's view of split-brain world could convince Alice she's successfully claimed the name.</div></div></div></div></blockquote></div><div class=""><br class=""></div><div class="">What you are describing implies a persistent, 24/7 MITM on Alice’s network, waiting for Alice to register her name (assuming she hasn’t already).</div><div class=""><br class=""></div><div class="">That already, by itself, is pretty much not going to ever happen simply because it is too costly. There are far cheaper attacks this adversary could do to Alice.</div><div class=""><br class=""></div><div class="">So I put such targeted attacks on a local network outside of the realm of practical feasibility.</div><div class=""><br class=""></div><div class="">Also, even if this happened, Alice’s client could detect the attack the second she moved outside of the MITM’d network.</div><div class=""><br class=""></div><div class="">So, the only real option left is for a persistent, 24/7 global MITM. At that point you are no longer dealing with the Internet anymore. You might as well smash Alice’s computer with a brick and declare a successful “attack” on Namecoin.</div><div class=""><br class=""></div><blockquote type="cite" class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><div class="">This is particularly easy right now because very few people are mining Namecoin. Since there's so little actual Namecoin mining going on […]</div></div></div></div></blockquote><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><div class=""><br class=""></div><div class="">Namecoin is merge-mined with Bitcoin.</div><div class=""><br class=""></div><div class="">- Greg</div></div></div></div></div><div class="">
<br class=""><span style="font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">--</span><br style="font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><span style="font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">Please do not email me anything that you are not comfortable also sharing</span><span style="font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class=""> with the NSA.</span>
</div>
<br class=""></div></div></div><span class="">_______________________________________________<br class="">Messaging mailing list<br class=""><a href="mailto:Messaging@moderncrypto.org" target="_blank" class="">Messaging@moderncrypto.org</a><br class=""><a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank" class="">https://moderncrypto.org/mailman/listinfo/messaging</a><br class=""></span></div></blockquote></div><br class=""></div></div></div><br class="">_______________________________________________<br class="">
Messaging mailing list<br class="">
<a href="mailto:Messaging@moderncrypto.org" class="">Messaging@moderncrypto.org</a><br class="">
<a href="https://moderncrypto.org/mailman/listinfo/messaging" rel="noreferrer" target="_blank" class="">https://moderncrypto.org/mailman/listinfo/messaging</a><br class="">
<br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>