Show HN: Hyperledger – Open Payments Protocol

112 pointsby danopreyalmost 11 years ago

16 comments

nessencealmost 11 years ago

Hyperledger's home page talks about a protocol, pools, consensus, security, and decentralization, however, none of those features exist in the codebase. Proof of work and distributed networks are why bitcoin and others are more complex than a list of node URLs and a simple database model.After looking through code, a number of concerns are also raised:- key pairs use RSA - identities are based on MD5 of RSA public key - no p2p protocol for nodes - lack of proof of work (more on that below)As-is, the project is a rails application which references accounts by MD5 of the public key, a postgresql database, and a REST client. In other words -- basic rails ledger app plus some PKI.I see a significant issue with hyperledger, in that the pools are, by nature, private. The only verification a client can perform is the SSL certificate. A pool owner, if they wish, could change the account balance on all of their private nodes and there would be no public record of the change or the previous history. Yes this would require collusion of some kind, but even for 10k nodes, such data can be changed in seconds. Without a blockchain, how could anyone prove otherwise?I see the potential for companies like quickbooks, paypal, or even banks, to create public REST interfaces for their account ledgers. This seems inexpensive for a bank to do (compared to a p2p network), and, we'd have the trust of the bank. This is money after all, so, I'd trust the bank over a psuedo-private network.Looking forward to see how hyperledger will approach the problems described above. I would be surprised if the end-result isn't similar to bitcoin.

评论 #8013225 未加载

drcodealmost 11 years ago

Haven't looked into the product yet, but I have to say the web page itself is one of the most beautiful I've seen, from a pure aesthetic standpoint- No dumb animation, uncluttered, distinctive, consistent theming with appropriate use of color, full use of available viewport space, thumbs up to the designer!

评论 #8010434 未加载

EGregalmost 11 years ago

I beleve this misses the point. We have always been able to place "small amounts of trust" in smalltime credit issuers. The point of bitcoin etc. is that there is no need to trust ANYONE. When someone you trust betrays the trust you need recourse. Here, there isn't a way for someone to betray your trust, it would take massive effort, so you can rely On the system to transfer money without resorting to legal remedies later and having to allow for fraud.

habermanalmost 11 years ago

I am only a dabbler in cryptocurrencies, but let me attempt to compare/contrast this with Bitcoin. Corrections welcome.Bitcoin is peer-to-peer. Anyone can join as a peer at any time. When you want to spend some Bitcoin, you sign a transaction and send it to your peers, who relay the transaction to other peers if the transaction looks valid to them. But the transaction isn't considered "committed" until it becomes part of the blockchain.Peers in the network race to create the next block in the blockchain by proof of work. Whoever creates the next valid block first wins, but for a block to be valid it has to contain a solution to a CPU-intensive problem. The reward for winning the race to create a block is that you get to "mint" some brand new bitcoins to yourself, though the number of new bitcoins in each block is predetermined on a deflationary schedule. Anyone who controls over half of the CPU power can control the blockchain.Hyperledger is not peer-to-peer, it has "nodes" which have to be invited/allowed on the network. Each node has a public/private keypair, and for a transaction to be valid it has to be signed by a node. Nodes only sign transactions if they can achieve consensus with other nodes that the transaction is valid and doesn't double-spend. So you don't have to wait for the next block to get transaction confirmation, you just want to get a node's signature on your transactionThe "Practical Byzantine Fault Tolerance" consensus algorithm can continue to function even if up to 1/3 of the nodes are actively trying to subvert it. Apparently bad nodes can be detected and expelled (how?), but if more than 1/3 of nodes suddenly become malicious, double-spending is possible. So you don't want to invite a node unless you trust it.Also, instead of a predetermined schedule for minting new coins, the model is that someone can issue units at any time. This must require a consensus too?Benefits of Hyperledger vs. Bitcoin: Hyperledger can confirm transactions faster since the PBFT algorithm can achieve consensus a lot faster than it takes to build a block (or 2 or 3, to be safe) in Bitcoin. When a transaction is signed by a node, that is a positive confirmation that it was accepted by the network, rather than Bitcoin's less dependable "longest chain wins" rule.Benefits of Bitcoin vs. Hyperledger: Bitcoin, being truly peer-to-peer, does not require the same management of deciding what nodes to trust and allow onto the network, and expelling them when they turn malicious.

评论 #8011422 未加载

sorbitsalmost 11 years ago

As I understand it, it is required that people trading units in a ledger trust the ledger’s creator not to issue new units to enrich themselves.If so, is that much different from using a central service and trust its creator?

评论 #8012985 未加载

abc123xyzalmost 11 years ago

Is this Ripple in disguise? Who are the people behind this project??

评论 #8010192 未加载

admax88qalmost 11 years ago

The FAQ dismisses 51% attack quite quickly, while casually mentioning that it's vulnerable to a 33% attack.What prevents an malicious actor from getting 34% of nodes, and then turning them all bad at the same moment?

评论 #8010053 未加载

评论 #8010013 未加载

评论 #8010238 未加载

dewelleralmost 11 years ago

For anyone interested in cutting-edge cryptocurrency protocols, I recommend checking out the Delegated Proof of Stake protocol by Invictus:<a href="http://bitshares.org/documentation/group__dpos.html" rel="nofollow">http://bitshares.org/documentation/group__dpos.html</a>

tonethemanalmost 11 years ago

Seriously I am too stupid to even know what this is... even after I read the FAQ. :(

评论 #8010067 未加载

评论 #8010164 未加载

评论 #8010060 未加载

haartsalmost 11 years ago

How does it compare with Open Transactions (<a href="http://opentransactions.org" rel="nofollow">http://opentransactions.org</a>)?

评论 #8010471 未加载

评论 #8010514 未加载

fiatjafalmost 11 years ago

Maybe this is the framework for people wanting to issue gold currencies and not be stopped by the government: <a href="http://www.wired.com/2009/06/e-gold/" rel="nofollow">http://www.wired.com/2009/06/e-gold/</a>(I mean, not exactly this, but something like this.)

poseidalmost 11 years ago

nicely done! I like the easy overview on creating accounts and making transfers.i am wondering, when everything is free and open-source here, how is the business model?

评论 #8010381 未加载

评论 #8010419 未加载

mkrecnyalmost 11 years ago

@danoprey @feichtingerFirst: congrats, this looks fabulous.Second: can you walk us through one real world example of how a startup might use Hyperledger to do something useful?

placeybordeauxalmost 11 years ago

Doesn't seem like their trust model really assumes rational agents.

评论 #8010159 未加载

评论 #8010202 未加载

cjgalmost 11 years ago

danoprey - it's not clear to me what the URL is for when creating a new ledger. Can you clarify?

评论 #8013331 未加载

评论 #8019638 未加载

qatrixalmost 11 years ago

I think it will be very useful for start-ups for who are hard and too much job to develop payment system. Maybe try it in the further:)

评论 #8010446 未加载