Hacker News new | past | comments | ask | show | jobs | submit login
Factual Inaccuracies of “Facebook Libra Is Architecturally Unsound” (tonyarcieri.com)
138 points by dochtman 30 days ago | hide | past | web | favorite | 36 comments



> I suspect Facebook’s longer term plans, were they to actually launch Libra, are to move to a permissionless proof-of-stake model much like the one used by Cosmos

It seems really naive to think that if FB were to get a foothold in the currency markets with a permissioned product that they would later on go against their own interests and transition to a permissionless alternative (not to mention the massive legal and technical hurdles that this transition would require)

...but I don't know why I'm arguing against Libra, it's such an all-around terrible product, I should just keep my mouth shut. Facebook is tarnishing the idea of a "corporatecoin" for the next few years and doing all of us a favor in the process.


They have explicitly stated that a move to a permissionless system is their end goal.

https://en.wikipedia.org/wiki/Libra_(cryptocurrency)#Blockch...


> They have explicitly stated that a move to a permissionless system is their end goal.

Of course, they were very happy to make all kinds of vague, rosy promises right out of the gate... it doesn't cost them anything to do so.


Or, the regulatory obstructions and general enmity towards anything crypto would make it impossible to launch a permissionless one. Actually, several govts have been explicit that even the permissioned is ex ante banned


Doesn't matter; there are no technical details for this, and so far nobody has a solution on how to do this. Yes, permissionless networks exist; but no network has transitioned from a permissioned to a permissionless network. While transitioning from a permissioned to a permissionless network, you open your gates to a horde that are financially incentivized to exploit this newfound permission. How then are you going to secure yourself from an attack? Nobody has this figured out. It's mathematically unsound.


It doesn't make any strategic sense either: The whole point of being "permissionless" is to increase initial adoption by providing protections against "vendor lock in".

But if you are capable of doing an initial launch on an permissioned ledger and achieve the initial network effects anyway, what's the point of providing such guarantees later on?


There is nothing mathematically unsound, I would even say that it should be trivial to transition to a permissionless setting. You just need to implement a proof of stake algorithm. The only questions are: what scheme do we want to implement and when does it make sense to transition. Libra launching as permissionless would be DOA.


tell me how to transition from pow to pos


why? Libra is not pow.


> "corporatecoin"

Call it like it is: Company scrip.


There are likewise some inaccuracies in this post. Both OPs seems to agree on the fact that Libra has no transaction privacy and then pick nits about features not being there at this point in time:

> Libra’s byzantine tolerance on a permissioned network is an incoherent design.

This post's argument rests on their being a unused flag in the configuration file for a feature which is not implemented. The Libra whitepaper indicates that a permissionless design is beyond their ability to implement at this time. There is no reason to believe a proof-of-stake model is what is intended. Even the whitepaper states:

> The challenge is that as of today we do not believe that there is a proven solution that can deliver the scale, stability, and security needed to support billions of people and transactions across the globe through a permissionless network.

> Libra HotStuff BFT is not capable of achieving the throughput necessary for a payment rail

This seems like some actual benchmarks that simulate real system load are needed before a conclusion can be made.

> Libra’s Move language is unsound

It seems like the OP takes a more traditional view of type checkers as a Haskeller programmer. Pushing type-checking to the bytecode level is a very nontraditional approach to compiler design and contradicts the original Libra whitepaper claiming to implement linear types. Libra does not do this provide any linear typechecker or formal verification at this time.

> Libra’s cryptography engineering is unsound

This section is subject to some debate. It seems there are some unpublished audits of the libraries that may lend credibility to the Rust libraries but are unpublished. The original post doesn't claim that they are insecure, just that the more audits and testing the libraries undergo the more trusted they should become trusted (i.e. libsodium).

It also seems that Libra implements a lot of extraneous next-gen crypto that is dead code and not used for any purpose in the core logic.

> Libra has no capacity for consumer protection mechanisms

The section agrees with the OP that this does not exist.


> This seems like some actual benchmarks that simulate real system load are needed before a conclusion can be made.

Both true and false. Typically, someone with good systems knowledge can estimate throughput from reviewing architecture / design / implementation.


There is no way you would be able to estimate throughput without doing any benchmarks.


Things like Big-O notation are part of introductory computer science classes and introductory algorithms classes.

BigO notation also applies when an algorithm is distributed and runs over a network. An algorithm that's O(n^2) will always be slower than an algorithm that's O(2n). You don't need to run benchmarks to find that out.


Big O notation tells you nothing about throughput in normal conditions. It tells you things about throughput in asymptotic conditions.


The parent poster also forgets about constant factors anyway.


The thread discussing the original post is https://news.ycombinator.com/item?id=21451847.

There shouldn't be two posts about the same thing on the front page. In most cases we'd merge the follow-up into the original, but since the points of view here are so opposed, it's going to seem like favoritism no matter what we do. My first crack at this is to let the opposing side have a hearing since the original has already spent many hours on the front page.


> This section throws a few numbers out: it claims the UK Bacs system does 580,000,000 transactions a month, or about 223 transactions per second.

Curiously it claims Libra can’t do this, but posts no numbers about Libra’s throughtput. Libra’s throughput target is 1,000 transactions/sec (see Section 8: Performance in the Libra paper) with 10 second latencies on consensus time.

OK but 1,000 transactions/sec is a non-starter. A single large seller or popular event driving a live transaction burst can need thousands. Even two decades ago, a WWE event could need 15K sales per second, or 5K per second for Amazon’s black Friday.

If you’re looking to compete with the order of magnitude of a Visa/MC, you’re needing 15,000 - 25,000 per second.

For a commercially available ‘distributed ledger’ able to handle these characteristics (including service level objectives for operating it in production), take a look at the AWS QLDB we asked AWS to make available a couple years ago.

AWS introduced “managed blockchain” and the very different “QLDB” in the same keynote.

Compare under the covers to see why, despite the hype, they introduced QLDB, which is designed for real work when you know who is running the servers:

https://aws.amazon.com/managed-blockchain/

https://aws.amazon.com/qldb/

If you’re a trusted entity or a trusted consortium with legal paper among your members, you probably don’t want the blockchains, you probably want QLDB.


The section critiquing the critique of the cryptography is quite good.

That said, can we please all agree that a prediction of probable future action is not a defense of the status quo?

> I suspect Facebook’s longer term plans, were they to actually launch Libra, are to move to.... >...it’s being worked on, and it certainly has “the capacity” for them.

This is all well and good but it's certainly not a thing that is happening now. At the very least I would like to see Facebook write down that they intend to do these things before I accept this as a justification.


> That said, can we please all agree that a prediction of probable future action is not a defense of the status quo?

...no?


Care to elborate? I can promise you somthing good if you do that I am not bound to follow through on. How does a million euros sound?


Diehl: Libra’s Move language is not sound.

Arcieri: Is it actually sound? I don’t know, it’s brand new and looks unfinished to me, and even if it were finished I’m unqualified to make that assertion

Oh snap.


Thanks for this rebuttal.

I'm by no means a fan of Facebook and Libra, but Diehls post felt far from frontpage worthy to me.

> Stephen Diehl doesn’t understand cryptography, but sure has a lot to say about it.

This is how I felt about the entire post, to be honest.

It felt like a consultant on a mission, who doesn't really understand the topic, only took a cursory glance at a project, and yet berates it extensively. All while sprinkling in some of his particular knowledge, giving a false sense of technical expertise.


This is how I felt reading his post too for what is worth. He might have the expertise (outside of crypto(graphy|currency) to produce a technical opinion but has unfortunately not spent much time trying to understand libra.


As did I, hence why I commented that it feels like ultracrepidarianism.


Debate around any technical merits of the Libra proposal is entirely beside the point. An extra-governmental currency owned and run by a consortium of big businesses from the payments and data monetisation industries is an intrinsically terrible idea and Facebook couldn't be trusted to do this in a responsible and ethical manner even if it were not.


The flaw I care about most: The lack of transaction privacy.


Shouldn't this make it illegal?


Factual Inaccuracies of “Facebook Libra Is Architecturally Unsound” Considered Harmful


> I consider it to be a gish gallop that bombards you with a bunch of negative claims, many of which are false or at best, specious.

Is it me or is this a common trope of blog posts that hit the top of HN?


Non-interactive media naturally tend to look like gish gallops, because there is no interruption to the flow. If you follow the Wikipedia link given, you'll see the term comes from formal debates, where it's more relevant. In formal debates, the technique can be quite effective; in blog posts, it just leads to fiskings. You briefly have a monopoly on your soap box, but you have no power to prevent other people from monopolizing theirs with a response.


Generic claims about HN are almost always an afterimage of things you saw and disliked, because those make by far the strongest impressions.


“Everything is actually terrible” is arguably the most popular topic on HN.


In a world that's bombarded with PR teams dedicated to pass the message that product X is by far the best thing ever, posts pointing out that product X actually has downsides are more than welcomed. Otherwise, the PR people are the only ones doing the talking.


I wasn’t talking exclusively about products at all. But even then, I don’t see a moral high ground in pushing negative hyperbole as a response to a perceived excess of positive hyperbole. Both seem equally fallacious to me.


Boom Roasted. That was enjoying to read. I wish most of this didn't go over my head, but I enjoy it nonetheless.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: