> A thing I just realized about Braidpool is that the payout server is still a > single central point-of-failure.
> However, this probably complicates the design too much, and it may be more > beneficial to get *something* working now. You have hit the nail on the head here and Chris Belcher's original proposal for using payment channels does provide a construction for multiple hubs [1]. In the Braidpool proposal however, the focus is on a single hub to describe the plan for an MVP. Decentralising hubs is the end goal here, and either Belcher's multiple hubs construction or a leadership election based construction along the lines you propose might be a good way forward. Belcher's idea has the added advantage that the required liquidity at each hub is reduced as more hubs join, with the cost that in case of a hubs defecting, it takes longer for miners to do cascading close on channels to all hubs. TBH, it might be a cost worth paying in the absence of better ideas. But as braidpool is built, more ideas will be appear as well. [1] Payment Channel Payouts: An Idea for Improving P2Pool Scalability: https://bitcointalk.org/index.php?topic=2135429.0 ---------- Original Message ---------- On Tue, September 7, 2021 at 11:39 PM, ZmnSCPxj via bitcoin-dev<bitcoin-dev@lists.linuxfoundation.org> wrote: Good morning all, A thing I just realized about Braidpool is that the payout server is still a single central point-of-failure. Although the paper claims to use Tor hidden service to protect against DDoS attacks, its centrality still cannot protect against sheer accident. What happens if some clumsy human (all humans are clumsy, right?) fumbles the cables in the datacenter the hub is hosted in? What happens if the country the datacenter is in is plunged into war or anarchy, because you humans love war and chaos so much? What happens if Zeus has a random affair (like all those other times), Hera gets angry, and they get into a domestic, and then a random thrown lightning bolt hits the datacenter the hub is in? The paper relies on economic arguments ("such an action will end the pool and the stream of future profits for the hub"), but economic arguments tend to be a lot less powerful in a monopoly, and the hub effectively has a monopoly on all Braidpool miners. Hashers might be willing to tolerate minor peccadilloes of the hub, simply to let the pool continue (their other choices would be even worse). So it seems to me that it would still be nicer, if it were at all possible, to use multiple hubs. I am uncertain how easily this can be done. Perhaps a Lightning model can be considered. Multiple hubs may exist which offer liquidity to the Braidpool network, hashers measure uptime and timeliness of payouts, and the winning hasher elects one of the hubs. The hub gets paid on the coinbase, and should send payouts, minus fees, on the LN to the miners. However, this probably complicates the design too much, and it may be more beneficial to get *something* working now. Let not the perfect be the enemy of the good. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
