In my (at the time occasional) drunken state I may have thought every now and a again, after 13 confirmations of confirmations surely you can just attack! But alas, it all falls flat: You have no way of knowing the final confirmation, the one before that, etc. until you are back where you started.
By the way, this only applies to lossy communication without feedback. A Whatsapp text syncronises via a server. As long as the server is up and confirms both sides, you can be quite sure the other side received the message. This is manifested these days in the form of the infamous blue ticks.
The server still doesn't know whether the sender knows that the server received and acknowledged your message, so you might want an ack from server, but again, the server doesn't know if you received the ack, so you ack the ack, but again ...
The General's Problem (as presented in the comments) is trivially solvable by multiple messengers WHO COME BACK to report the message delivered. Wherein, the messenger is an encrypted messenger and the general has the key (knowing which messengers were sent out).
In an ephemeral message scenario, you have to rely on the same idea, using an encrypted log of messages that both generals have access to (since they are both "on the same team", there is already coordination).
This philosophical exercise isn't practical, from the setup provided. I don't see the point in trying to solve for it without adding a ton of additional constraints, by which you can reach an optimal or no-solution.
If no data is being sent, the connection is closed via timeout eventually.
In this situation you are describing a server that wants to send a client a message, and both parties need to be sure that they are in agreement when to attack a common enemy they can't deal with alone because the message contains the attack plans and timestamp for attacks.
Wikipedia has a good explanation:
"The first general may start by sending a message "Attack at 0900 on August 4." However, once dispatched, the first general has no idea whether or not the messenger got through. This uncertainty may lead the first general to hesitate to attack due to the risk of being the sole attacker.
To be sure, the second general may send a confirmation back to the first: "I received your message and will attack at 0900 on August 4." However, the messenger carrying the confirmation could face capture and the second general may hesitate, knowing that the first might hold back without the confirmation.
Further confirmations may seem like a solution—let the first general send a second confirmation: "I received your confirmation of the planned attack at 0900 on August 4." However, this new messenger from the first general is liable to be captured, too. Thus it quickly becomes evident that no matter how many rounds of confirmation are made, there is no way to guarantee the second requirement that each general be sure the other has agreed to the attack plan. Both generals will always be left wondering whether their last messenger got through. "
There is no solution, only a decreasingly smaller change of disagreement e.g. by sending many messages or keep acking each other x amount of rounds (there are other strategies).
No timeouts, only death.
You can design a practical protocol between two parties that actually works based on a large number of messages. Let’s say the generals can exchange 100 messages each of which has an independent 80% chance of message failure. That sounds really bad.
However, if the protocol is I will attack after receiving 20 messages or I will flip a coin once for each message received and attack on the specific date if even a single head shows up.
Now in your example if they receive 13 conformations they can assume there is at minimum a 99.98% chance the other party is going to attack.
There are several ways to improve the protocol based on a host of factors. But, it really demonstrates the difference between theory and practice.
A -1-> B
A <-2- B
A -3-> B
A <-4- B
If the rule is that the general sends a message back when he receives one, then, these 4 back and forth that I showed are only possible if this HAS happened:
A —1-> B
So we know that these 3 back and forth have happened. Also B knows that these 3 back and forth have happened, and A knows that 2 back and forths have happened. B knows B got the message because B got the message. A knows B got the message 1 because A got a confirmation (message 2).
This is difficult for me but I convinced myself here. Please anyone prove me wrong!
Presumably A will keep sending 3 over and over using a timeout until it receives 4.
I think most humans would attack with a reasonable degree of confidence if they had gotten at least one ack in the past
A: attack if acks from B > 0
B: attack if acks from A > 0
Let's look at the current
A --> B : Original message (not an ack)
A <-- B : Ack from B (A is now committed to attacking)
A -/> B : Ack from A is lost, B does not attack
Okay let's change it up
A: attack if acks from B > 1
A <-- B : Ack from B (A is not yet committed to attacking)
A --> B : Ack from A (B is committed to attacking)
A </- B : Ack from B is lost, A does not attack
The essential problem (which I failed to explain correctly) is that while you can always go from a fixed set of interactions and work out a protocol that would've worked for that particular interaction, you can't go the other direction (starting with a protocol and throwing arbitrary interactions at it).
I found it helpful to draw it out. Draw a human with the letter B on their T shirt holding a letter labelled 3 and create a cartoon thought bubble on top of their head. Inside that thought bubble write the text "I wonder if A got my letter 4 but assuming they didn't this is how I picture them..." and draw a human with the letter A on their T shirt holding a letter labelled 2 and create a cartoon thought bubble on top of their head.... The final thought bubble should say "I wonder if B got my letter 1 but assuming they didn't I will not attack."
That's the gist of it, there are some technicalities of specifying what "correct" means.
If the server is up and sends a confirmation message to one side, but the other side disconnects before receiving the confirmation message (or before sending the acknowledgement that it received the confirmation message), you have another Byzantine Generals problem.
With a server, it's just a connection of 3 generals with the server in the middle, instead of a peer-to-peer connection.
Interestingly, it feels like a cross of Estonia and Albania.
> A. All loyal generals decide upon the same plan of action.
All actors arrive at an immutable consensus (the current transaction group in the blockchain).
> B. A small number of traitors cannot cause the loyal generals to adopt a bad plan
It has protection against a small number of bad-actors as they require proof of work/stake which prevents against bad-transactions up until 51% attacks.
I don't have much knowledge in the area though, any thoughts?
Nakamoto consensus addresses "double-spend". Say I have exactly one coin, and I broadcast a transaction that sends the coin to Alice. All miners on the network consider my transaction a candidate for the next block, and get busy hashing proof-of-work.
Moments later, I compose a transaction that sends my one coin to Bob. And, I start mining a block with only that transaction in it. Now, its a race. If I win the race, the coin goes to Bob. If anyone else wins, the coin goes to Alice. Importantly, the coin will not go to both Alice and Bob.
In Nakamoto consensus, exactly one miner wins each race. And that miner, "loyal" or not, determines whether the coin goes to Alice or to Bob. To satisfy Byzantine Generals, in this particular example, the coin should always go to Alice. But in Nakamoto consensus it might end up going to either Alice or Bob.
Solving double-spend in a network of untrusted nodes is a significant feat. (And, according to the market, extremely valuable.) However, as I think your question is designed to point out, Nakamoto consensus does not solve the Byzantine Generals Problem. No offense to Nakamoto, it solves a different problem.
It's worth mentioning the concept of "byzantine faults" - meaning a node on the network might not be simply buggy, it might be designed by a malicious adversary to do any behavior that could exploit vulnerability in other nodes. So, if you're reading the next revolutionary ICO whitepaper and see, "we use Nakamoto Consensus to solve double-spend, even in the presence of byzantine adversaries", maybe keep reading. But if you read, "we use proof-of-work to solve the Byzantine Generals Problem", maybe save your money for another investment.
Edit: This goes back a comment I made the other day about 'Blockchain == Down votes' on HN. Why would you down-vote OPs question?
"I was just thinking about how you said you didn't like Bitcoin and imagining ways that it could be used to improve Wikipedia. More generally, Bitcoin can help any system to become more Byzantine fault tolerant."
As soon as you allow digital signatures, you have unforgeable messages and Byzantine Generals is solved. No need for consensus algorithms, proof of work, or blockchains.
I think that statement would be correct if changed to “unforgeable messages with all same-side generals honest (and un-confused).
The problem you are describing is a different one, where there is no single commander and a group of generals needs to collectively decide on a plan. There signatures are indeed not sufficient. The way proof-of-work solves it is by randomly electing one of the generals to become commander for this decision round (i.e. 'it mines the block'). The random election is somewhat imperfect, leading to second order complexities such as probabilistic finality.
If it's not a solution to Byzantine Generals Problem, and not de-centralized/distributed, then it can't be called a blockchain.
So I'm wondering if that's the case, or if they really are solving BGP while still being largely distributed?
(These links are just for curious readers; reposts are ok after a year or so—see https://news.ycombinator.com/newsfaq.html)
People had no idea that POW isn't scalable, yet would insist that a Bitcoin copy-paste would solve the problem. Or that a centralized coin was the future. Or that proof of stake was a working solution.
I still hear people wrong today. I only imagine that if people understood, there would be less altcoin mania.
At minimum, I think we need a carbon tax (ideally paired with a revenue-neutral dividend), which might alter the incentives for crypto mining. But I don't think it would be unreasonable for industrialized nations to ban useless PoW operations outright. While I've read cogent explanations of PoS having game-theoretic shortcomings relative to PoW, given the growth of bespoke ASICs and the capital requirements of modern mining operations, PoW seems to me to be indistinguishable from PoS with extra steps, while also being an ecological nightmare.