[fwip]

I'd love to finally see a writeup of the "proof of spacetime" storage. Understanding that proof seems critical to understanding what use cases FileCoin will and won't work for.

Edit for clarity: This is the closest I was able to find, and is short on details. https://github.com/filecoin-project/specs/blob/master/proofs...

[dangero]

I'm interested in this as well. Failure scenarios for their system are data and financial loss.

For example, if there is a loophole in "proof of spacetime" then you might be paying for your data to be backed up 8 times and have it only backed up once. You find out that was the case only when that node disappears and your data is lost.

[gcbw2]

The proof of storage is even trickier.

A multi-account attack (sybil?) can just store the file once, and pretend to store it N times, inflating the cost (attacker revenue) by N fold. I can't see how this is avoidable other than being an authority with insight into most of the internet traffic structure. ...Maybe it is designed to only work within china?

last question was a joke, but note that every single multi-account protection requires a breach of anonymity. That's why most modern distributed protocols try to completely work around any benefit of having multiple accounts. Storage, by definition, can't.

[whyrusleeping]

The proof of replication provides assurance that for some given data D, a unique replica R is created for it. What you’re proving with the Proof of SpaceTime isn’t that you have some data, you’re proving that you have the replicas. Generating the replica is slow, so you can’t do it on the fly. I gave a talk recently that goes over some of this briefly: https://youtu.be/GZZ2G9bPXsM

[bodski]

Thanks for linking your talk! Just started watching it now. Is that Dan Boneh in the front?

[whyrusleeping]

Yep! He gave the talk just before me

[gcbw2]

you talk for 15s about it on that video. I will try to read the secondary paper on this... but doesn't look like it can protect against someone just generating hashes for multiple accounts from the same stored data.

P and (the fake) P2 can both reply to V with perfectly normalized storage.

But regardless if the protection works against bad actors, it definitely "works" against good actors if you take into account storage prices. E.g. P1 and P2 are two distinct good actors. They both pay cloudProviderA for storage. P1 and P2 bid on the same filecoin storage contract. They store that independently of each other, but cloudProviderA normalize the storage (with their own backup and consistency solutions). But with this protection scheme, since the cloud provider can't normalize, the cost will eventually go up because their normalization margin got erased. Over time, the data storage cost for good actors will go up, while for bad actors (assuming they are possible) the profit will increase.

[whyrusleeping]

To generate a response to the verifier, you have to have your replica of the data in question. A replica (from proof of replication) is a unique encoding of the data that is quite slow to generate. If the prover isn't storing the replica, they will have to regenerate it before they can respond to the challenge, which takes a noticeable amount of time.

[viraptor]

What scale is "noticeable"? Is it slower than "we're going to pretend the network is slow and send you 1KB/s until we generate the rest"?

[askmike]

I wouldn't be surprised if regenerating it a few times is more expensive than simply storing it once.

[darawk]

1kb is much larger than most hashes.

[whyrusleeping]

Take a read through Ben's PoRep paper: https://eprint.iacr.org/2018/702

[fwip]

Thanks, I'll take a look.

[coolspot]

Here is interesting paper addressing that - "Proofs of Replicated Storage Without Timing Assumptions" - https://eprint.iacr.org/2018/654