[shieVae4I]

It's not a particularly interesting Byzantine mechanism. Like every other such mechanism (in the absence of trusted computing and similar tricks) it has a n = 3f+1 limit. See the selfish mining paper for why it's not n=2f+1.

It's just the Byzantine mechanism that happened to win. If anything, its innovation is that its n is based on hash power, not on number of users or nodes.

And the cost? Having to drag an immutable database around that can't be simplified; and, obviously, the opportunity cost of all the energy that's being used to support the consensus.

The game theory part is likely to be inexorably intertwined with the cryptocurrency part. The incentive to defect is blunted by people's investments, either in terms of hash power machines (for PoW) or in coin holdings (PoS). It would be very difficult to construct something that would be self-replicating/hype-incentivizing but not reward early comers the same way.

[xpe]

> It would be very difficult to construct something that would be self-replicating/hype-incentivizing but not reward early comers the same way.

Can you clarify what you mean by "the same way"? I wonder if you meant "reward the early-comers in _some_ way."

Yes, early miners of a cryptocurrency have an advantage, in the sense that there is less competition in computing resources. However, when you factor in risk (i.e. likely return on investment and opportunity cost), this "advantage" may not seem worth it. It depends on one's risk profile, awareness, opportunity, and skills.

Thinking along game theory lines, when designing a system that requires up-front work, it seems clear that early participants will look for risk-adjusted rewards downstream.

I don't know if I agree with the "very difficult" aspect of your comment. Many real-world systems exist that are not clearly explained by game theory; humans are more complex than their theories.

Just to give one example, family genealogists typically are more than happy to share their historical research and family trees with others without expectation of personal gain. They do it largely because they want their ancestors to be remembered in the context of history. Of course, there is also some incentive for the _ genealogist_ themself to be remembered and perhaps to be perceived as important. But my point stands -- family genealogists don't expect to be compensated at all, much less in a pyramid-scheme kind of way. They are happy to create something of value and share it. Of course, a big difference between these family trees and cryptocurrencies is that the former are non-rivalrous.

[shieVae4I]

I suppose I was implicitly assuming "in an economic manner". You're very right that humans do things that narrow, economic game theory can't account for (e.g. the RAND secretaries playing Nash's "So Long Sucker").

To put my argument in context: consider IRC. An economically motivated BFT system would give the IRCops and channel ops some kind of quantified share of power that they stand to lose if they defect. But doing that, I think, would not just be a difficult programming exercise; it would also undermine the ops' intrinsic motivation and lead to a worse environment.

So the likes of Bitcoin work well if the protocol is designed for (game-theoretically) selfish participants whose interests lie mainly in the number going up. But that's a very narrow niche. Your genealogy site would probably suffer if it had a "number of family names added" counter and the users' status was measured entirely by such a number.

[baby]

You’re talking about bitcoin which is not bft. And there’s no n=3f+1 limit, see algorand.

[shieVae4I]

Allow me to quote the Algorand paper, https://people.csail.mit.edu/nickolai/papers/gilad-algorand-...:

> Weighted users.To prevent Sybil attacks, Algorand assigns a weight to each user. BA⋆is designed to guarantee consensus as long as a weighted fraction (a constant greater than 2/3) of the users are honest. In Algorand, we weigh users based on the money in their account.

That 2/3 is your n=3f+1 right there. It's just that, as I said of PoS in general, the n is based on coin holdings.

This is not controversial, as the authors of Algorand are completely aware of the limitation:

> Most Byzantine consensus protocols require more than 2/3 of servers to be honest, and Algorand’s BA⋆ inherits this limitation (in the form of 2/3 of the money being held by honest users). BFT2F [35] shows that it is possible to achieve “fork∗-consensus” with just over half of the servers being honest, but fork∗-consensus would allow an adversary to double-spend on the two forked blockchains, which Algorand avoids.

[baby]

If you read the whole paper you will see that it scales to more than the 3f+1 participants by randomly selecting a committee (of 3f+1 validators) at each round.