RE: Steem Monsters Tech Talk - Part 3 - Now With More Decentralization!
I've thought about this a bit more and it's a hard problem to address. I also realized witnesses don't need to be grinding their Steem Monster purchase transaction but instead could grind something related to the block composition that is difficult to detect, such as transaction ordering (i.e. the suspected method used for covert AsicBoost).
I think lookahead is probably better than lookbehind, in terms of creating a randomness beacon that cannot be controlled by a single witness. But just a single block lookahead is probably insufficient. For example, a witness could submit their transaction one block before they were scheduled to mine. Then they would be able to engineer the lookahead block to yield a flush Booster Pack.
I am not sure if there is a perfect solution, but raising the bar to require two colluding witnesses most of the time would be a start. Perhaps this could be done by having each block hash following a transaction delay the settlement by 0, 1, 2, or 3 blocks. Perhaps the following pseudo-algorithm:
- purchase transaction occurs in block 0
- use block 1 hash to derive a settlement block in 1, 2, or 3 blocks
- when the settlement block is reached, use this block hash to delay the settlement 0, 1, or 2 blocks. If the delay is 0, pack is opened using current block as the randomness beacon.
This seems overly complicated and only partially effective. Maybe there is a way to get a randomness oracle on Steem, that say posts the NIST Randomness Beacon for the timestamp of the previous block. Then you could do a lookahead that takes transaction id, transaction block id, and randomness beacon from the oracle for a lookahead block.
I'll look a bit into some existing literature such ast Proofs-of-delay and randomness beacons in Ethereum.
Another thing to consider is that a "flush booster pack" would have to be "mined". You would need to add some type of nonce into the block and then generate the hash, run the card pack generation code, check the results, update the nonce and repeat until you find a pack that is good enough for you.
You have at most 3 seconds to do this or you will miss your block. The more packs that are purchased the more computation this would take. The whole idea behind DPoS is that we trust the top witnesses not to do things like this. If it's found that a top witness is doing this, then they would lose their votes (at least in theory), and then not be able to produce more blocks.
So from that perspective I think what is implemented now is probably sufficient.
I'm guessing you could probably evaluate 1000s of booster packs by grinding transaction order within a 3 second window. However, this also brings up another potential solution: using a key derivation function that takes 3+ seconds of computational work to generate a random seed from transaction & block info. This would make it impossible to evaluate booster pack outcomes within the 3 second interval. airBitz / Edge uses a similar approach to slow down brute force attempts to break into a wallet.
That's an interesting point about how DPoS does provide some protection because witnesses have their future earning ability at stake via their reputation. In a proof of work system, there is a large cost to forgoing a PoW solution because it doesn't generate the proper random seed. However, with PoW there is no reputation cost since blocks can be mined anonymously. In Steem there is no immediate cost to picking a block with the right block hash. However, there is a longterm reputational risk if you get caught.
It will be interesting to see if good cards start occurring more than would be expected by chance!
Dear @yabapmatt
I tried to contact you via discord... There are a lot of bots out of control without upvoting due to a bug in the steem blockchain. Please, have a look at the post:
https://steemit.com/witness-category/@mahdiyari/why-steem-was-down-blockchain-bugs-and-problems-witness-and-seed-nodes
I guess you should change the nodes on which the bots have being connected.
Regards