Bitcoin Forum

Here is an idea how Bitcoin could be improved:

In the current implementation, scarcity is created by setting up arbitrary computational problems whose sole purpose is to create scarcity. The computational problems are artificially created by the system, much like a fiat currency. There is no natural demand to solve those problems.

This is macroeconomically suboptimal because a lot of CPU power is being "wasted" instead of being put to good use (opportunity cost). It would be bad for the environment too, if BC were ever to become a world currency.

Why not use those CPU cycles to perform computations with real value? This could be done via some sort of grid computing infrastructure such as BOINC, except that it would be a marketplace instead of a volunteer grid.

For example:
A drug company wishing to model the structure of some protein could use Bitcoins to buy "computing credits". The computing credits can then be used to secure the right to define the data and algorithm of each computational chunk.  The CPUs of the BC users solve these chunks and send the results back to the drug company. As before, the BC user gets newly generated Bitcoins in return for computing each chunk. In addition, the user receives the Bitcoins paid by the drug company.

This would have the benefit of backing BC with something more tangible than just the collective faith in the project. It would also generate lots of extra demand for BC.

Any thoughts?

I completely agree.  My main hesitation with BitCoin at present, from an market-anarchist perspective is that BC lacks intrinsic value.  By this I mean simply that BC is a medium of exchange by design and by declaration, not through natural market selection.  Taking gold as an example, the market had already chosen and accepted gold as a medium of exchange long before governments got involved and "endorsed" it.

What I'm wondering is if the BC concept would be better applied to a community like I2P?  In my opinion, what I2P is missing is an underlying agreeable cryptocurrency which it's nodes can earn by keeping the network online, and it's members can use as a form of payment.  If this were the case, BC would probably start having some intrinsic value within the I2P community which creates a positive feedback loop for I2P: more nodes pop up, stronger network, etc.  And next thing you know, a completely encrypted and anonymous internet can emerge in parallel to the existing one.  I think this would be incredible, especially being able to jump between the two.

What do you guys think? I really don't know much about I2P, but I wonder if something like this is feasible?  It would be great to see non-geek types start migrating towards a true privacy protected internet, and perhaps the ability to earn something of value for keeping the network up would motivate them?

Nothing is stopping the I2P community from adopting it right now.  It'd be great if they did.

I'm not a believer of intrinsic value though.  Not even for gold.

There is nothing stopping you from creating such a system.That to me is the intrinsic value of Bitcoins.You cant send actual gold over the internet and it is labour intensive to dig it out of the ground.Bitcoin could be the virtual equal of gold because it fits the virtual world.Gold is physical and is perfect for the physical market.For the virtual market you need something else.The market always decides what the perfect method of exchange is.What we have to do is make it incredibly easy to use virtual currency while maintaining is security.

Governments and criminals can easily seize your gold .

Bitcoin can exist in the cloud,gold can only exist in the material world.

AFAIK, there are no "useful" computational problems that have the properties necessary to be used as a proof-of-work. 

The hash function is used because it is irreversible, easily checkable, small in size, and probably some other things I'm forgetting.  Even if you could, for example, encode the transactions as a polypeptide (chain of amino acids), and then made folding the polypeptide into a protein the proof-of-work, such a proof-of-work could not be checked without redoing the entire computation.

Even if you could come up with a suitable problem, due to the economics of BC you would never actually generate any additional value by using a "useful" problem.

It does seem kind of wasteful that bitcoin relies on the consumption of resources in order to achieve its properties as a store of value. Once all bitcoins have been generated, will it continue to consume a great deal of resources?

I think that this could be one technical source of a downfall would it ever to become highly popular; what do you guys think?

The coin generation is just a clever (in my opinion) way to limit the supply; the rate at which they're created.  It lets everyone feel like they can get a piece but it still makes it so you can't just mint a billion of them overnight.

It is not about consuming energy or resources - it's meant to be used on computers that the users already have.  I understand that some people may turn their computers off at night and leaving it on for bitcoins indirectly consumes energy but that's not the point of it; it's like folding@home and such, using resources that are already 'wasted' if you consider potential CPU usage a resource.

If you plan to set up a datacenter full of computers to generate more coins then you would be investing dedicated resources into it and that's your own business decision with its own set of risks.. but it is not necessary to do that in order to trade bitcoins.

I also love the idea of a "native online currency" but as others here my hearth is sorry to waste all this electricty, heath and cpu over time.
i know it runs as idle priority, and i'm not leaving my pc on 24/7 for this, but the consumption is bigger than simple cpu idle cycle.
so, since there are no other suitable problems to let our cpu work on, why don't we adopt an existing one (seti or folding at home, for example) and give bitcoin rewards based on time spent on the network, by pinging other nodes at intervals?
sorry if i'm saying some nonsense =)

theres no need to "waste energy" to use bitcoin, just dont generate any blocks.
bitcoin is not about "being rewarded for running a client", it's about transferring money (or value).
IF you help the network by generating new blocks, you'll get rewarded, but new blocks are not generated by folding proteins, or listening to E.T.

the network NEEDS coins, so it's USEFUL to generate them, i personally don't see anything wasted here.

That's an important point:  You don't need to generate bitcoins any more than you need to go mine your own gold.

Turn off your computer, go do some "real work" that people value, and sell it for bitcoins.
Anyone is free to leave the energy-burning computational expense to those that want to do it.

I sleep just fine.  My computer and network are 100% solar-powered. :)

I'm no biochemist, so I'm not sure about this, but I think you could do that. Folding proteins is about finding states with low energy (because in nature, proteins occur in the state that has the lowest energy). So you could encode the information in a polypeptide, have some energy limit that you have to fit in order to generate the block and fold the polypeptide until you find a state with low enough energy. Verifying what energy does a certain state have should be relatively fast.

On the other hand, such computations probably don't have any value to biochemists, so this would just replace one “useless” computation with another.

I think this point needs to be stressed in the BTC documentation...it's kinda like the uncertainty principle: the more useful the work, the less suitable it is to being proof-of-work for currency purposes (kind of like how Heisenberg himself misled the Nazi's doing "useful" work on the bomb)...

The original post is, in my opinion, missing out on one subtlety.

The computation isn't "arbitrarily pointless."  The computation being performed is what keeps the system valid.  You're contributing your CPU to the task of making the system itself secure.  The only thing that's chosen arbitrarily is how hard to make that problem (and thus how "secure" and less fake-able to make the network), and that's done for supply limiting reasons.  You're performing a distributed computation, the intrinsic value of which is that it makes the economy more lucrative and viable as a REAL economy.

thanks to all the replies (also the ones in this thread: http://bitcointalk.org/index.php?topic=335.0 ) i have now a clearer idea.
I also see that this problem is bigger in the initial phase, when there are few bitcoins so we need to generate them, while it will be less important once we reach a big number of coins and the most important thing becomes the exchange.
that problem was the only point keeping me from using bitcoin, so now i guess i'll join your ranks =)

Wouldn't any NP-complete problem serve just as well (http://en.wikipedia.org/wiki/NP-complete)? I think the hashing target thing we currently use is NP-complete, right? So in theory any other NP-complete problem can be transformed in polynomial time into bitcoin generation.

Gould: The fact that the problem is "hard" is almost a happy coincidence which the system takes full advantage of.  The reason the hashing algorithm is used is because it's answer incorporates the data of the system.  An NP problem would satisfy the "proof of work" aspect, but wouldn't provide any verification about the validity of the transactions, nor would it be unique to those transactions: You could work on an NP problem for 10 years, and then once you solved it, say "Oh hey, I solved this for the current batch that's here right now" when secretly you had started it for the batch from 10 years ago.  It wouldn't verify the accuracy and validity of any of the transactions, whereas the answer to the hashing problem is unique to the set of transactions for that time period, and can't be "faked", thus proving that those transactions are valid.

The search for a low hash value is used for two things. Firstly it is a verification of the absence of any alterations to the block contents. Secondly it is a proof of work.

A hash will always be required for the former but the proof of work portion could be fulfilled by some suitable "useful" mathematical problem which has to enjoy the following properties to be useable.
(1 - Quick ) The time taken to check the work is correct needs to be small compared with the time taken to do the work.
(2 - Small ) All the essential data to verify that instance of the work must be hashed into the block in some fashion.
(3 - Portable) The problem should run on computers without requiring lots of disk space, network io, memory etc..
(4 - Relevant) The starting conditions for that instance must be tied to the previous block's contents. This stops an attacker doing lots of work in advance and then using the stored work to take control of the block chain.
(5 - Interchangable) The bitcoin software must be able to change to a new problem set without disruption.

I can think of several suitable problems such as running ECC curves for factoring, finding discrete logarithms, brute-forcing encryption, double checking Mersenne prime searches.
I can imagine a plug-in architecture which allows new suitable problems to be added. The cost would be a substantial increase in interface code complexity and some substantial security concerns.

ByteCoin

Even if there was a suitable "useful" function, it would be pointless to use.

In order for Bitcoin to work, the electricity and resources for the computation needs to be "wasted" in a way.  If there was some additional value to the computation, then people would just be able to afford to node more for the same amount of reward, including the attacker.

Bytecoin:  If it was implemented in that fashion, what's to stop people from running a modified client with an advantage over the other?  Person A, running a legitimate client, spends half his CPU cycles hashing, and half his CPU cycles solving useful problems.  Person B, running the modified client, spends all his CPU cycles hashing, thus doubling his chance of solving the current block.

The verification and proof of work have to be one and the same problem, so that you can't do one (thus getting paid for your verification service), without doing the other (thus ensuring you're not cheating the system).

will it consume more resources than the Armored Guards (that's what they're called in australia, the armored vehicles that deliver coins, etc. to businesses), the ATM network, etc?

lisa

Hey a fellow traveller from my neck of the woods . :)That is a good question,the cost of diesel and running the cash delivery trucks as well as hiring armed guards to watch it.Insurance costs associated with the trucks would also be quite high.Imagine having no armed robberies because there are no banks left to rob when bitcoins make them obsolete!Imagine the cost of all those bank buildings,the cost to employ all the tellers,the managers and the paperwork.It boggles the mind to think about the cost efficiencies that using bitcoins could bring.

The bigger questions is will it cost more than the value gained by not having a centralized authority.

Even a semi-centralized ecurrency could convey all the convenience benefits of bitcoin at a tiny fraction of the computation costs (there would be no proofs of work), only you have to trust certain parties.

You say that the the electricity and resources need to be "wasted" for BitCoin to work. Well this is already not the case as, over time, the electricity and resources yield BitCoins which are valuable. If the reward for generating BitCoins doubled would that make the system more secure, less secure or would it leave it essentially unchanged. If the answer is anything but the latter then what do you suggest the generation reward be set to in order to maximise security?

You say that if there was some additional reward for the computation then people would be able to afford more nodes for the same reward. Since the same financial incentives operate on both sides of the security equation, the effect is cancelled out.

You also neglect that the most powerful incentives for both participation in the system and attacks on it are not financial. If the bulk of the proof of work contributed to something that gives geeks warm and fuzzy feelings like factoring numbers or folding proteins but which could not be translated into money then you'd get many people participating in supporting BitCoin.
On the other hand, I doubt that attackers would be increasingly incentivised into defrauding the system if their attempts at fraud had the pleasant side effect of folding a few proteins.

I admit though that suitable useful proof of work functions would have to be vetted so that they did not facilitate or incentivise fraud .. so attempting to find private keys is right out.

They do not have to be the same problem. The proof of work would be the "useful" computation. People would check that to see that the work had been done. The hash at the end just verifies that the block hasn't been tampered with and would not have a long run of leading zeros.

So block n+1 contains a nonce and the transactions that have arrived since the publication of block n plus a "useful" proof of work using the hash of block n and the nonce in n+1 as the relevant starting condition. This would all be hashed together ONCE and the hash appended would be used as the part of the starting conditions for the useful work for block n+2. The nonce is necessary so that not all clients are racing to complete the same piece of work. Ideally the nonces would be unique to prevent work being duplicated or the nonce space should be large enough that this is rare.

Additional qualities required for a suitable "useful" proof of work is that one should be able to ascribe it a probablisitic "quality" rating. For hash functions we say that a hash with a smaller value has a higher quality.

It also needs to be smoothly decreasingly useful even if you terminate the work early. This means that all the clients who weren't lucky enough generate work with a good enough quality rating stop what they are doing and send the results of their useful work to some suitable useful work collecting server and then pick up the new hash value and roll the dice again with a new batch of useful work.

It's a bit complicated but worth it I think. I have a longer post in development which outlines the security case for it being desirable.

ByteCoin