Bitcoin Forum

I have a theory that I believe yields an ASIC-proof design that is founded upon economics rather than technology.   I would like feedback.

1) Hashing power helps prevent double-spends.
     -  double-spends are only relevant with anonymous transactions of small amounts.
     -  if it is more profitable to mine than steal then private criminals will not steal
     -  where is the threshold at which the capital required to double spend is better invested in honest work?
  
2) Hashing power does nothing to prevent government takeover of the network.
     -  they can filter packets
     -  they can attack users, outlaw it, pass laws
     -  they can build asics
     -  they can coerce miners
     -  they have many other techniques other than 51% attack because a 51% attack only allows them to DOS the network for a short while.

3) I contend that hashing power centralizes control in the hands of who-ever has the economies of scale.  Even new POW designed for ASIC resistance do not change the economics of economies of scale and therefore centralization.

Theory:  The marginal utility of additional hashing power approaches 0 as difficulty approaches infinity.   Like all functions of this form there exists an inflection point where the value received by additional hash power is less than the price to purchase it.   So I started this poll to see where the community thinks this inflection point is.   Currently Bitcoin is paying $200 million / year to purchase hashing power from a handful of increasingly centralized ASIC firms.  This is coming at an inflationary cost of about 10% of the value of your bitcoins each year.   Is this amount of hash power actually providing you additional security for your coins or is it actually backfiring and causing centralization that ultimately leaves us less secure?

I contend that somewhere between $1 million and $5 million per year invested in hashing power would be more than enough to prevent all private (for-profit) criminals and anything more is ineffective against government criminals and thus waisted investment.

I then submit that if mining rewards could be capped at a market-value of  $1-5 million per year, that no one would ever invest money to create an ASIC or even invest significant resources to achieve economies of scale because the competition would be individuals with 0 capital costs using free-power provided by their employers, dorm rooms, hijacked bot-nets, etc and computers that have dual use.

This would then be the ultimate means of both decentralizing a currency and preventing ASICs while still defending against double-spend attacks.  The holders of the currency get the security they need and don't have to pay for security they don't.  

Is there some profitable attack that someone with $5 million could achieve on a network with $5 million in annual mining rewards?     Ie: could they profit more than $2.5 million / year from their double-spend attack and not end up in jail?

Jeff Garzik's real time cost-of-attack measurement of Bitcoin network security:

https://www.resallex.com/bitcoin/brix

Thanks for the link.  This link calculates the cost to attack, but doesn't factor in the profits from attack or what the attack would even yield.   You are only vulnerable if you accept payment from the attacker or if the attacker decides to stop including transactions (DOS).    For high-value transactions, the cost of the attack can be mitigated by waiting for enough blocks (say 100) to make the attack obvious to everyone on the network and pulling off repeat attacks would be very difficult as there are other measures that would kick in.

So, from a private criminal perspective how would they make money by investing $5 million dollars and attempting a double-spend?

Consider also that 'owners of the currency' have a financial incentive to mine below-market rates to protect their investment and ensure their transactions get processed.    So the cost to produce hash power would probably be greater than the direct payout received for mining it.

I suppose a rich, private company may attempt to undermine the currency and earn their profits on the side rather than directly via double-spending.

Conclusion: don't rely solely on proof of work to define the best chain.  If someone pops up with a new chain that is more than 6 to 10 blocks forked they are ignored until manual intervention is taken after community consensus can be reached about whether or not that 6-block fork was mined in private or the result of a legitimate chain split caused by a network outage.

Hard to discuss numbers without defining a set of common assumptions.

I assume the poll is asking, "how many usd worth of hasing power per annum is necessary to secure the network right now?"
Where a $ of hashing power per annum is the Th you can rent for $1 for one year.
Furthermore, do you assume that the USD cost of renting a terahash for one year = the USD revenue of 1 terahash-year of mining? This is the most reasonable starting assumption in my view, but people often make alternative assumptions.

I guessed $10 million and rounded up to 20 since there was no 10 option available. 

I am talking about the economic cost to purchase one-year's worth of hash power equal to the hash power of the network such that your hash power becomes 51% of the new total.

I use $USD because the amount of hash power per USD changes over time.   

I assume that market forces push the cost of producing a hash equal toward the revenue earned per hash.   

Okay, there is the additional issue of when. Obviously $20 million would be too much when the network was created. Similarly, it could easily become too little if bitcoin appreciates further.

Are you implying that there is some amount that would always be just right, regardless of how much a bitcoin is worth?

To all of you people selecting more-is-always-better I challenge you to defend your irrational belief.  I suppose you would gladly spend 100% of your income on taxes to provide even more security for the banks.  A police man at every cash register and triple factor authentication on every transaction?    After all there appears to be no limit to how much you are willing to spend on 'security'.  

If you think it needs be be more than $100 M then post here with a number.  But to assume the sky is the limit is to avoid all rational economic calculation.  

What exactly the attack that one could profitably make against $10 million dollars worth of electricity invested in hash power?

Yes, I am implying that it only needs to be high enough to prevent private, for-profit, criminals from making a profit on a double-spend.   Changing the 'rules' of the network requires more than hash-power, it requires consumers and merchants to use your fork. 

Thus you would need to find some other way of deriving profit by 'messing' with the network and I suspect that there are other techniques aside from increasing the hash power that would be sufficient to prevent DOS attacks.

You could profit by imposing a higher minimum fee on all txns. Say 5% demurrage per annum for example. This is just a forced conversion of bitcoin into paypal. Of course you never have to txn anything, but that can't go on forever. Ultimately the new paypal would end up with 5% of BTC's market cap in profit every year from this.

If bitcoin were successful and entrenched enough, the masses would just accept getting shafted. Just like people happily receive paypal's shaft every day. It would never work right now though. Too many other options out there and too few compelling reasons to stick with bitcoin. The market cap would take a significant hit.

Since 5% demurrage per annum has no fixed USD value, I'd say that the necessary hash rate doesn't have one either. At least not in USD. I think maybe 1% of btc's market cap per year is the necessary hash rate. Thus ~10 million USD and change right now, much less last year, and potentially much more if appreciation were to continue in future years.

Assuming $10 Million / year investment in hashing power, that comes out to $27,000 / day or about $200 per block.

If you ignore the initial capital cost and assume that you can 'rent' this hashing power for the purpose of your attack, then it would cost you $1200 to produce 6 blocks and you would only have a 50% chance of having the longest chain.   As a result you would have to do 2 attacks, costing a total of $2400 and you still don't have 100% chance of success.

There is of course some risk with getting caught and hauled into jail.  So there is some kind of risk-premium criminals would put on top of their double-spending efforts.  Lets call it 20%. 

As a result, I estimate that you would have to earn over $3000 from your double spend attack for it to make economic sense and this assumes you have no capital costs and are merely renting the CPU power. 

Assumptions:
    Revenue from mining cancels costs of mining with a small profit, say 5%.  Therefore, you can profit $10 per block by providing hash power.
    A private criminal would 'earn' $60 from the attack simply by producing the blocks.
    Any double-spend attack would be gravy if they could get away with it.
    Assume an attacker owns a bot-net and thus is not paying for electricity or capital costs, their only cost is 'opportunity cost' ... in this case they earn $2400 from mining and the double-spend is gravy.

Conclusions:
    As long as it is directly 'profitable to mine' you are subsidizing someone who is performing a 51% and double-spend attack.   
    To fight both centralization and double-spend attacks, the mining reward needs to below the cost to acquire the hash.  This would have two consequences:
         - operating a mining business for direct profit (from mining rewards) would not happen.
         - a double spend attack must make up for cost of mining at a loss

Under my assumption, they would not be able to raise fees and keep them.   Their total revenue would be limited to $X million per year regardless of fees.   I would argue that Bitcoin is becoming centralized and will suffer the fate you think would occur by limiting the economic payout to miners.    I was trying to avoid implementation details because they muddy the water, but this is how I would do it.

Assuming the block chain knows the value of Gold because of something like BitGold trading on the chain.   The block validation rules could be such that the maximum value of the mining reward paid to the miners is set in terms of gold.  Any surplus fees or mining rewards would be paid as dividends to the holders of the currency.   It is now in the best interest of the owners of the currency to maximize dividends and minimize mining rewards.   They could then profit by mining to include transactions with high fees even if the mining reward was below the cost  of electricity. 

As a result the network would insure a minimum level of security but there would still be financial incentive for the owners of the currency to mine on their own.  If someone attempted to turn it into paypal by charging high fees to be included in blocks, their profits would be split among everyone in the network rather than centralized in the miner.

http://www.youtube.com/watch?v=faSa3r8WIU0

No.

Overpaying compared to existing pay networks and banking system? Definitely not.

With a $40 trillion a year global economy, 5% in PoW debasement (the USA wages and GDP both grew by 5% nominally per annum from 1790 to current, so inflation goes into wages) is $2000 billion a year. That is how much I think we need to prevent the scenario I am worried about below.

Also this $2000 billion ($2 trillion) will go to the owners of PCs, if we perfect the PoW algorithm, so they get both the rise in wages and the debasement back as mining profits. Win-win.



This (world war 3 to bring in the SDR system) (http://canadafreepress.com/index.php/article/57454)! And it is underway now. Most people are naive to the reality ongoing now (http://www.presstv.ir/detail/2013/08/28/320969/22-reasons-wwiii-in-mideast-is-bad-idea/). Go watch the video of General Wesley Clark explaining that the USA had a plan for over a decade to overthrow 7 countries (http://www.youtube.com/watch?v=9RC1Mepk_Sw) in the Middle East. Obama is going to war with or without the vote of Congress and the public, just as he did in Libya (http://www.theguardian.com/commentisfree/2013/sep/01/obama-congress-syria-authorization).


Forget the profit motive. What we have to protect against is the international bankers are moving us to a NWO with SDRs as explained in my first link above.

Network outage and packet filtering is something they can do.

So we have to think about what happens to the blockchain in that case.

This is why I am not enamored with BitAssets right now. I want to focus on designing a currency that can survive what we will be going through in the next few years. I'd rather give up exact timing on the arrival of the blocks of the blockchain under adverse conditions.

Exactly, we need to spend 200 billion on security at that scale, but not via hashing power.   It would be like a $200 B lock on your front door while you have windows right next to it. 

I argue that security comes from privacy and public support / popularity.   You must win the hearts and minds of the public against the propaganda that government will throw at the system to justify their crackdown.   

Then the protocol must be robust to high-latency, low-bandwidth situations and not rely entirely on hash power for validating the consensus.   So to blindly throw $200 million toward hash power when it could be redirected toward public relations and other forms of security is insane.

The biggest concern IMO is the heat generated by ASIC devices, they might melt antarctica  ;D

(Edit: This is not a concern anymore, thanks to D&T's clarification)

The international bankers are taking us into chaos of WW3 with or without the support of the people. You can do all the PR you want and won't stop them from taking us into war and impoverishing the majority.

The majority is weak. They depend on socialism and the international bankers for their daily needs.

Unless you can design a socialistic coin to give all the masses everything they want for free, you are never going to win the PR battle against the international bankers who offer the masses everything via debt and socialize the defaults into wars.

So I completely disagree with your naive idea that you can overthrow human nature. Go ahead and try if you want.

I am interested in a coin design that can continue to function even under attack by the $trillions that the powers-that-be have access to.

It doesn't need to be used by everyone, just by those who want to exist outside the "system". I am not going to try to change the "system". Everyone who has tried since before and after Jesus has failed to stop human nature.

Is it possible to design a system that can withstand attacks both on the PoW and also on the network infrastructure that carries the packets?

I am not so sure it is possible. That is what I am evaluating now.

Everything has a price and the market balances cost vs benefit of every choice you make.  Decentralization isn't free and the measures required to defend against WWIII level attacks would require extensive compromises in functionality, speed of transactions, transaction fees, etc.   Ultimately all that is needed is:

1) a means to broadcast to the entire world.
2) a means to receive that broadcast.

If you can do those two things cheaply and in a decentralized/timely manner then the system will work.

Can we discuss bitcoin security using bitcoins instead of dollars?

If bitcoin value (in $$$) doubles, the dollar total spent on securing the network should also double.  Denominating security cost in bitcoins would spare us needles mental acrobatics.

I'm also not sure of utility to be gained from the answer.

Profit is the primary motivator of both ASIC manufacturers and miners.  Not network security.  If additional hashpower didn't offer any extra security, it wouldn't effect the miner arms race in the slightest.

TL;DR:  Added security is simply a byproduct, not the goal of upping the hashrate.  As long as it is possible to make more bitcoins with MinerX than the sum of its cost & energy cost, MinerX will go online.  If security is improved?  That's just a clever bit of the bitcoin concept.  

I mentioned the dollar amount specifically because is the value of bitcoin doubled, we could have the same security as we do to day while paying half the bitcoins and thus reduce inflation.  I want to compare the 'economic cost of security' vs the 'economic benefit of security' and my conjecture is that cost of security does not scale linearly in percentage terms with the market cap of the currency.

I would also like to redefine the term 'security' because hash power is only one form of security.  So the real question is how much hash-power security is required and how much benefit does each additional hash provide relative to the cost of acquiring it.

Furthermore, I submit that over-paying leads to centralization which ultimately undermines the goal of 'security' and replaces it with a small cabal that can perform a 51% attack at prices so cheap that the average man can no longer have any economic influence on the direction of the currency or what transactions get processed.   So clearly overpaying for hash-power-security is counter productive and actually hurts the network despite having a higher hash rate.

Yes.   Because the attack vector is double spending and the value of transactions doesn't change as the network grows.  High-value transactions would not be anonymous and thus not subject to a double-spend attack.

Specialized gear (the "S" in ASIC) leads to centralization.  If bitcoins could be mined with gear acquired to serve other needs (CPUs, GPUs), there is almost no entry barrier to bitcoin mining.  That's history.  No more.  Bitcoin mining requires gear as specialized & unusual as the Aardvark.  It mines well, but that's all that it does & once the power costs surpass the value of bitcoins produced, it's the dumpster, not ebay.  I think centralization is self-evident.

Not sure how you get away from security costs (in dollars) shadowing bitcoin value (in dollars).  Not sure if knowing all of this allows us to change any of it.

With BitShares the blockchain has access to price information and thus can calculate mining rewards in terms of dollars rather than the currency itself.   Money not paid to the miner is paid as dividends.  Thus the more money paid in dividends the higher the value of the currency.    So this is not 0-sum, I could reduce the mining reward increase dividends and see the result that the value of the currency rises by more than the reduction in mining reward.  This is a complex differential equation interacting with market forces.    But assuming I could target a certain value of hash power that is independent from the value of the currency itself it could work.

With bitshares there exists a ratio between dividends and mining rewards.  I believe that the ratio should not be fixed, but should decrease as the market cap increases.  The exact equation to pick is some what arbitrary, but picking a constant factor is also just as arbitrary and will certainly lead to too much value being directed toward hashing power.

Sorry, didn't see your sig/ didn't read the entire thread carefully enough.  I assumed we were talking about bitcoin network as-is.

I am talking in the abstract sense.  Bitcoin is the same as the BitShares network without dividends or BitAssets.  Anyone designing a new alt-coin could learn from the economics of hash-power security.

I am trying to think of a way the system can switch over the to slower way that still works if the SOBs start filtering the packets over the whole network, i.e. we call the blocks in or something or obfuscate the packets in other kinds of network traffic.

The design considerations are different than when one isn't considering such a grave threat.

I am not saying I don't want your BitAssets, but for me that is not the main priority right now in my mind. I feel we are facing a much more dire threat from 2016 to 2020 at least.

And I am really sick and tired of people telling me I am wacko for thinking these things.

People are so naive.

Please everyone go watch the video I linked upthread (page 1) of the four-star general Wesley Clark telling us that the USA government planned for a long time to overthrow 7 countries in the Middle East.

Understand this is about building a pipeline to Europe to remove Russia's monopoly over natural gas to Europe. But there is a larger picture, which about reorganizing the financial system from dollar reserves to SDRs so that the rise of the developed world can be controlled by the same international bankers who have been around since central banking was established in the 16th century. I think you all know the names.

Remember what I taught everyone over in your main BitShares thread, who ever controls the unit-of-account controls the world, because all other currencies and assets float in value relative to the most liquid money.

When the world's energy has to paid in dollars (and soon to be SDRs), then they control the world.

The other of the currencies of the world will float relative to SDRs, so that countries will be slaves to the SDRs.

Why do you think the USA is involving in the Spratlys island dispute near the Philippines that is also claimed by China? It is all about making sure that Asia does not produce their own natural gas, because there is a huge investment now in the USA to build pipelines to Louisiana and Texas and ship liquefied natural gas over to Asia. What do you think the BP oil fiasco in the Gulf of Mexico was about? It is all about them gaining unfettered control over that region to implement these plans.


Exactly. We are paying much more than the 5% debasement to the SOBs.

So we need to pay a lot for security. So that people can build the side-infrastructure to route around the SOBs. Maybe they will use short-wave or HAM radio if necessary?

This is why I am not against pools, as long as we keep them below say 5% of the network difficulty, which I think we can do by making the clients and protocol smarter.

I am thinking of things that aren't even your radar with BitShares. I wish I could find someone willing to work with me?

EXCLUSIVE: Syrians In Ghouta Claim Saudi-Supplied Rebels Behind Chemical Attack (http://www.mintpressnews.com/witnesses-of-gas-attack-say-saudis-supplied-rebels-with-chemical-weapons/168135/)

I agree with this idea about dividends. I also agree that bitcoin is overpaying for security. I've been saying both of these things for years now. You can probably find 200 posts in my post history that make this claim.

However, your solution is not going to work unless it incorporates a complete overhaul of the mining process. Capping miners take from txn fees is not feasible. They can always publish an address for receiving fees and only include txns that offer bribes to this address. The fact that there are no fees in the protocol doesn't mean that POW miners can't demand fees and enforce this demand as a prerequisite for issuing a successful txn.

You have to adjust the mining process so that the people receiving dividends also control which txns enter blocks.

What is that type of mining process called? Proof of Stake.

Ok, I am shocked!!  85% of people who have voted made the only vote that could possibly be wrong!   The reason 'more is always better' is wrong is because it entirely ignores cost (real and opportunity) as well as marginal utility.  In fact, I am willing to bet that given the choice between paying 10% of their bitcoins to some miner and not... most of these people would choose not to!   Why?  Because the opportunity cost would now be personal and not 'socialized' and people tend to think clearer when their own money is on the line.

So, I challenge each of you who voted for 'more is always better' to either withdraw your vote and post how much you would pay or select one of the other options.   Either that, or post here and explain why more is always better.

All of that said, I have come up with a solution to setting the mining reward vs dividend rate that will always ensure that 'market consensus' on the value of hashing power is used rather than any price fixing on my part.

General of all American Intelligence (http://www.youtube.com/watch?v=daNr_TrBw6E)

Saudis offer Russia secret oil deal if it drops Syria (http://armstrongeconomics.com/2013/08/28/saudis-offer-russia-secret-oil-deal-if-it-drops-syria/). Btw, Putin threatened to retaliate against the Saudi monarchy.

2.3 TRillion Dollars Missing from DOD Day before 911 2001 (https://www.youtube.com/watch?v=_rRqeJcuK-A). DOD = Dept of Defense.

DOD's $Trillions Black Budget (https://www.google.com/search?q=site%3Asolari.com+black+budget)

I had all the names and who was paid what in Russia by whom. That is part of what was taken by the government and then it miraculously was destroyed in World Trade Center building 7 that collapsed with nothing hitting it. The SEC replied to my request (http://armstrongeconomics.com/2013/08/10/platinum/) for my files saying they were all destroyed in WTC 7 (see below).

As the War Cycle Turns Up – Middle East Is Going Nuts (http://armstrongeconomics.com/2013/08/21/as-the-war-cycle-turns-up-middle-east-is-going-nuts/)

Michael Hastings Coincidence or Conspiracy? (http://armstrongeconomics.com/2013/06/22/michael-hastings-coincidence-or-conspiracy/)

Looks like we may start bombing Syria on roughly 9/11.

This is entirely off topic, please delete your post.

You seem to forget that if we get the PoW correct, we could hopefully be paying this to ourselves.

You don't seem to understand that the largest threat to mankind is that central banking is top-down. This top-down entity is capable of extracting a huge percentage of what society produces, and directing towards any threat to their power.

In order to create an economic incentive for humanity, we need to give a large percentage of global production to mining, so that individuals will have a vested interest to defeat central banking. This will be war, if we are really serious about winning.

Otherwise, just bend over and pull down your underwear and take it.

P.S. I will not delete my post. It is entirely on topic. Why are you trying to censor the information that people need so they can know the threat we are really facing.

This is a lie and demonstrates 'group identity' which is the foundation upon which all arguments for socialism is based.  If I am not mining, then I am not paying this to my self.  Instead, I am paying those who are mining out of my potential dividends based upon my ownership of the shares.  It is not the rational way to maximize shareholder value.

This latest argument effectively says...

"In order to beet the evil central bankers, we must consume scarce economic resources searching for rare nonce values so that we can distribute an increasingly expensive to create digital currency to the masses.   If we can only make it too expensive for THEM to mine enough to own the network then we will win!"   

This is the ultimate mix up of the means and ends, cause and effect.  It is raining because the side walk is wet!         

You do not beat them by consuming resources, you beat them by producing value that they don't own and cannot steal at cheaper and cheaper costs.   By providing a product that is both in demand and out of their control that provides value rather than consuming value you benefit society.   

If you make it about resource consumption they will always win!  You must make it about efficiency and value production.

If there is no profit to be made on mining, then no one is earning it. In that case, it is a cost that society has decided to pay because it is much more prosperous than be slaves to top-down central banking.

If you choose to not mine with your existing PC (assuming we get PoW hash correct), when your PC is idle while you are sleeping, then you choose to waste your resources.

You also forget that mining is one way to obtain coins anonymously and without needing fiat. It is the fountain or source of coins that don't originate from fiat, thus we need more of it, not less and less which is the egregious design error of Bitcoin.

Money is socialist by nature (https://bitcointalk.org/index.php?topic=226033), yet mining is diverse, and there are many opportunities for individuals to experiment with different strategies, which is thus capitalism.

No, I choose to conserve my electric bill.   I waist my resources as a shareholder in this currency by paying people for unnecessary work and thus reducing my dividend payment.  Even if I pay myself... I do so at the expense of other shareholders and this is a 'conflict of interest' situation. 

Now as an 'outsider' and non-shareholder I would be experience an opportunity cost if I didn't mine while it was profitable.   This is only true because as an outsider I am not the one paying for the mining.

You ignored that I wrote, "Money is socialist by nature (https://bitcointalk.org/index.php?topic=226033), yet mining is diverse, and there are many opportunities for individuals to experiment with different strategies, which is thus capitalism."

For example, installing a hydrogenerator on a stream in your farm.

Money is the most marketable commodity... there is nothing socialist about it and you have no clue what you are talking about when it comes to either economics or socialism.   I will now bow out of any future economic discussions with you.

Yes we must make it too expensive for them to win, and this is not wasting resources. This is using resources wisely and as efficiently as possible. Don't underestimate the ingenuity of mankind when given the diverse opportunities to experiment and find the most efficient means that are not available to the central bankers. Remember they operate top-down and thus they can't locate next to every small stream. There are only so many large rivers and they have already tapped most of them and the electricity is committed already to other things. Electricity is the resource they don't have enough of.

I suppose they could generate electricity at much lower cost with breeder nuclear, but we could hope that if individuals are given this opportunity, with $2 trillion prize, then private industry will create their own breeder reactors.  


You conflate consumption with "no value was created". Consumption drives efficiency and the creation of new knowledge and methods.

Your theory is that if we consume less, we produce more. Wrong! That is theory of Marxism and Malthusiam.

The key is that when there is no debt driving consumption, then this is pure competition and survival-of-the-fittest, i.e. efficiency.

Money is what society decides is the dominant unit-of-account. Then people don't want to change, because from their perspective everything else is volatile in price relative to their unit-of-account. How do you pay your workers in gold when its price changes so much. You can't do accounting in a unit which is not the unit-of-account that everyone else is using, because you have to budget your inputs and their cost can't be changing so radically in order to budget your profit and salaries.

Money is socialism because whoever can control what society decides is the unit-of-account and thus can control the issuance and debasement of the currency, thus controls the society economically. And they can award all the debt to the masses, that the masses demand to get.

"Let me issue and control a Nation's money and I care not who makes its laws"-- Amsel (Amschel) Bauer Mayer Rothschild, 1838.

The pricing of most of the world's energy in dollars is a significant factor of why the dollar is the unit-of-account of the world. Those countries which try to use their own internal unit-of-account, suffer wild sings and thus are slave, e.g. look at emerging market currencies dropping -20% since the Fed threatened to taper QE.

That is not very smart to accuse me of not knowing economics.

And how do you propose to protect us from top-down central banking?

You will try to use PR to convince the masses to be virtuous? Hahaha. Go ahead. Humans have been trying for since before Athens.

The masses want their cake and bread and whoever will give it to them for free, they will take it. Period.

Edward Snowden sacrificed his life to PR and look what happened to him. The masses don't give a f$ck about your idealistic goals. They want their fun, drugs, tattoos, nose rings, cigarettes, chocolate, etc, etc,etc, etc,

And you want to waste my money trying to convince them?

I want my portion of debasement going towards incentivizing miners on how to be the most efficient. I think this is much more difficult for the SOBs to compete with than the current system where they control the PR because they award as much debt as the masses want. To compete with them on their terms you have to give away massive amounts of debt and tie that together with PR telling the masses how great it is to have what you want when you want it for free (just watch the TV please).

Sorry to blow a big hole in your business plan, but it is better you change course now, not later.

Let me see your nonsense equation.



Nothing other than PoW can be secure, because the others don't have randomized input entropy. I already debated and studied this in great detail. I am not going to again.

I chose more is better because all of the other options involved pegging to an arbitrary amount of fiat currency backed by government debt. It would be better to keep everything internal to its own coin, Bitshares.

When I first heard of Bitcoin, when it was selling for 10 cents, a major reason I didn't think it would go anywhere was the mining seemed like a silly 'make work' type process which just consumed electricity and didn't do anything useful. I would still rather see the effort go to something productive.

Mining does offer an incentive to early adopters to risk resources and time to expand the network.

My personal favorite of productive mining is carrying network traffic and contributing hardware resources, to build an alternative to the internet, a wireless/wired community network which also functions as a distributed cloud server.  The mining and coin generation could be tied to encryption of traffic for the network, earned when data is requested from a router by others, spent when a user requests data from other routers than his own.

It is productive to encourage private industry to become more efficient than utilities. That is precisely what we need on a large-scale to defeat the SOB's control over energy which is one the main ways they keep us slaved to their currencies, because we have to pay for their energy in their currency.


No I already showed in another thread how this violates the principle of input entropy that is necessary. (If you need to the link to my logic, I can dig it up for you?)

Just stop trying to find an alternative to PoW. There can't be one. I am telling you this as a theoretical mathematician.

Hash power and mining are independent variables.   Currency can still be issued via the random selection from mining.  Under a 'fixed cap' this random allocation would be limited to something like $5 million market value per year where as Bitcoin is currently randomly allocating $200 million market value per year.  

The truth is it isn't being randomly allocated, but allocated toward those who add hashing power to the network.  Hashing power beyond a certain point is waisted resources.  If you could get the same benefit to early adopters to grow and expand the network via something like dividends then you would actually end up with the same growth and expansion of the network and wide adoption without consuming unnecessary electricity.  

Can that defeat the $2.3 trillion black budget of the DOD?

It is currently limited in Bitcoin, it will be 0 in 2033.

Even I am only proposing 5% per annum, so if the coin reaches $100 billion mcap, that will still only be $5 billion per year.  


Why is consuming electricity bad? What if that private investment causes us to make 100% safe, solid-state breeder reactors that give us 1000 times cheaper energy than we have now.

Energy is 1000 times overpriced, because the SOB's have a monopoly on it.

Can you even fathom how much energy there is in the universe compared to our population. You must have a very myopic (head in sand, can't see over the forest) thinking. Open your mind wider and see the big picture.

You are not THE MARKET. Stop trying to be God.

This thread does seem to favor picking winners and losers to an extent.


Don't recall discussion, please link. Thanks.

https://bitcointalk.org/index.php?topic=273197.msg2950518#msg2950518

Also a link on why non-PoW systems won't be secure:

https://bitcointalk.org/index.php?topic=273197.msg2954801#msg2954801
https://bitcointalk.org/index.php?topic=255171.msg2960802#msg2960802

The random encryption of a network encryption algorithm should have plenty of entropy for PoW with no way to predict the work for the next block. 

Your comments are nonsensical. Let's ignore mixed PoW/Pos for the moment. Mixed pow/pos is much easier to design and almost certainly the best option for future altcoins.

For debate purposes, however, it is cleaner to analyze pure PoS. Pure PoS is the only implementation out there right now (e.g PPCoin and its knockoffs), so the subject is of practical as well as theoretical interest.

PPCoin is still stochastic, however. It is even cleaner if we talk about a deterministic voting system. This allows us to ask: 1) Do we actually need entropy at all? 2) Could a secure consensus be achieved under deterministic PoS mining?

I think the answers are 1) no we don't need entropy. 2) Yes, a secure deterministic system is possible.

 (For the purposes of argument please ignore the question of block interval arrival variance in what follows, this is extremely difficult to manage in a deterministic system. A system with huge variance in block times can still be secure against attack.)


I'm too lazy to go into detail I think, but here is the basic idea: [Edit: I cleaned some stuff up for posterity]
 
1) Each txn is labelled with a specific block height, h, and a hash of a blockchain history at time h-1. You can only put a txn in a block if the block's height matches the txn;s block height label and if the history at time h-1 matches the actual blockchain at time h-1. You can only use a signing key once every 1000 blocks. If you use the same signing key twice within this interval, then miners are allowed to stick the duplicate signing key in a block as evidence of cheating and issue all inputs still controlled by this key as txn fees. (Essentially you are forced into the best practice of never re-using keys). If your txn fails to confirm, then you have to wait 1000 blocks to try again.

2) The total outstanding issuance of coins is ordered, so we can refer to an unambiguous satoshi #135322353523 and all be talking about the same satoshi.

3) Assume that all coins have been issued. (e.g. take the current bitcoin blockchain as the initial coin distribution)

3) Call the amount of satoshis in txn fees in block of height h, fh. Each block must contain at least 10^8 satoshis (1 full coin) in txn fees, so fh>=10^8 for all h

4) Satoshi #f1 mines the first block. The owner of this satoshi signs this block with his signature. Satoshi #(f1+f2) mines the second block. Satoshi #(f1+f2+...+fh) mines block h. Once you get to the last satoshi, you start the counting process over again at satoshi #1.  

4) 99% of txn fees in each block are redistributed to all existing coin holders in proportion to their ownership share after txns with the block are accounted for (of course this uses up a huge amount of space, but that's not the point here. There is also a rounding issue, again beside the point here.) 1% of txn fees go to the block miner, just make this 1% the earliest numbered satoshis in the block. There is no block subsidy, so the total money supply is constant for all blocks h.

5) Whichever chain has the largest cumulative amount of fees is the correct chain. So if there are two blockchains with fees f1+f2+... and f1'+f2'+..., then f1+f2+...' is the correct chain if f1'+f2'+...> f1+f2+... These two chains can differ in height. The comparison rule is still the same. If two chains are equivalent (f1'+f2'+... = f1+f2+...), users just stick with the whichever chain they see first until they hear of a longer one.

This captures the basic idea. Anyone can double spend by paying fees sufficient to overtake the main chain. Since 99% of fees are redistributed to everyone else, double-spending is costly. If you pay all the fees in block h, then you pay f_h to create the block and receive 0.01 f_h as a reward.  You can't leverage existing past txns to double-spend because they are all labelled with a specific block height h and block history up to h-1. To double spend, attackers need to issue new fee paying txns.
No one who has made a txn in the last 1000 blocks will want to help you rewrite history because this exposes all their inputs to expropriation, not just those used to pay fees.

Suppose you want to reverse a txn in block h-2 and the current block chain is of length h. Assume also that the attacker controls a share of k of all coins, where k is something like 0.999999 but strictly less than 1. Because he owns so much, we don't need to worry about his ability to 'land on satoshis he controls' in order to create an attack chain. If he does have to worry about this, attack costs (weakly) increase since he may needs to spend extra to land on his satoshis. The attacker can replace one txn in block h-1 with one of his own that bears the same amount of fees. The minimum cost of this is 1 satoshi. Let's ignore this one satoshi cost for simplicity.

Now the attack chain is up to block (h-1)' where the prime indicates that block (h-1) and (h-1)' are nonidentical. Txns in block h' must indicate a history of (h-1)' for the block to be valid. Thus, the attacker himself has to generate all of these txns. The attacker's cost in fees is fh, where fh is measured in terms of a fraction of the total money supply. The payoff for the attacker is 0.01*fh (as reward for mining) and fh*k*0.99 through redistribution of fees in proportion to ownership.

Thus, the attacker's net change in coin ownership is (0.01*fh + fh*k*0.99) - fh = -0.99*(1-k)*fh  (since k<1 this is strictly negative).

Thus the attack costs increase linearly in fh. For any finite double spending profit, b, there exists an fh such that b-0.99*(1-k)*fh<0. In other words, txns are secure in block h-2 are secure if fh is sufficiently large.

The attacker could also build just one block based on h-2. Again he needs to pay all the fees in fh to do this (recall that existing txns in this block cannot go in h-1). The attack costs are the same (since we neglected the extra cost of creating block h-1 as negligible; if we hadn't neglected using just one block to attack would be cheaper by exactly this amount.) The attacker could also create a larger number of blocks. This is more expensive because the attacker's share of fees decreases with each successive block he creates.


Note: I'm not going to debate you anymore here on this issue. I'm sure you are wrong, but don't see value in convincing you of this. Feel free to rebut my argument as best you can. I'm not going to respond because it is too time-consuming and not productive.

I am not going to argue this again. I already did exhaustively. Just search my comments in the Decrits thread (the key ones are linked in my prior post of this thread). And you are very wrong.

You will learn from experience.

P.S. I hope you realize how fragile it is when only selected mining peers can sign the next block. I hope you realize that any algorithm that is used to order the selection can be gamed because it doesn't have input entropy.

We get random data from the PoW, so random selection is possible. But I don't think it matters if we randomly select from a set of works to do, because someone could have precomputed those works. That is the same point I already made in the links I already presented to you.

The result of the PoW is a truly random generator, so that is some work that could be reused by applications which need truly random generator (non-deterministic) and not just pseudo-random (deterministic).

I read your comments from previous threads. Just irrelevant nonsense and raving as usual.  I generously removed all use of PoW entropy from the algorithm to make things easy for you and the best you can do is unabashedly assume your conclusion.

Sure, you can game this. But that doesn't imply that gaming this is a profitable endeavor. It is the latter statement that matters. The first is irrelevant.

Im not going to claim to be right about this or anything. but it seems to me that you might be overlooking the fact that there are other ways to profit by gaming this algorithm besides generating more deceits for yourself.

Hahaha, and you have demonstrated your inability to analyze in our discussion of BitAssets (https://bitcointalk.org/index.php?topic=279771.msg3036807#msg3036807).

Just go ahead. I know what I am doing.

Put you on ignore per your "just go ahead" suggestion.

If anyone wants to continue this discussion then they will have to take up AnonyMint's mantle and actually prove that the system can be exploited using deductive reasoning.
 
(Anonymint: "You are wrong because I know you are wrong. I claim to have showed these other guys that they were wrong too about some other matter entirely. This establishes that I know how to show that people are wrong. I could show that you are wrong too if I wanted to." -> Ignore
Logical argument -> a response from me)

Here are some ground rules:

Assumption: Profits from double-spending have to be bounded by some finite constant, call it b. Without this assumption, no system can ever be secure regardless of its design.

Definition: The system is not exploitable if there exists some amount of txn fees, x*, such that the net cost of double-spending a txn followed by x txn fees, call it c(x), is greater than or equal to b for all x>=x*

Note: If the system is "not exploitable", txns older than x* cannot be profitably double spent. Essentially you would wait for x* in txn fees to follow your txn and then you could safely assume that the txn is irreversible.

If there is no such x*, then the system is exploitable. To prove me wrong, you would probably assume that x* exists and then generate a logical contradiction.

Above (bottom of post https://bitcointalk.org/index.php?topic=285701.msg3061806#msg3061806 (https://bitcointalk.org/index.php?topic=285701.msg3061806#msg3061806)) I used deductive logic to show that x* exists for any finite b. Can anyone show a logical error (or improbable starting assumption)?

Ok you know, you know, you know, in spite that I have already presented the logic, yet you claim it doesn't make sense. So how can I win an argument with someone who is incapable of understanding the logic I presented. So that is why I said just go on.

I am not going to waste my time like a dog chasing its tail, by accepting your faulty basis logic which you expect me to disprove. I rose above that myopia already and presented the big picture logic which refutes (supersedes, subsumes, and invalidates) that noise you are typing.

i already did, perhaps the person isnt interested in profiting in decrits. perhaps he is heavily invested in some alternative money and just wants to prevent it from being in the interest of people to invest in decrits.

You must have missed or misunderstood this:
As long as he isn't willing to spend infinite amounts of money to fund destruction, then motivation based on a desire to destroy the currency is not an issue.

If he is willing to spend infinite resources to fund his objective, then there is no possible way of stopping him.

Long before double-spends become widespread, everyone will know someone is doing a 50+% attack.

Also it is very difficult to find enough merchants to double-spend to, if the cost of 50+% PoW is extensive.

For a mature system, the amount of double-spends one can achieve before being noticed, will never approach the cost of 50% of the PoW.

If one could somehow short the value of the coin, perhaps a 50+% attack would be profitable. But it is going to be very difficult to build such a large short position unnoticed against a mature system with extensive PoW. Once noticed, it will be impossible to enter enough short positions to make it profitable.

So the fallacy of your theory, is that such attacks can't be done on such a wide-scale without being noticed.

Perhaps I'm being pedantic, but http://en.wikipedia.org/wiki/Mayer_Rothschild "Mayer Amschel Rothschild (23 February 1744 – 19 September 1812)" pretty tough for a guy to make some prolific statement several decades after his death, no matter how prolific it might be.

Because it was his son:

http://en.wikipedia.org/wiki/Amschel_Mayer_Rothschild

Microhydropower

So my innovative idea is that connecting diverse microhydropower to the grid obviates its cost advantage, because the grid doesn't always run to your ideal non-costly hydro location (rural) and also regulations are typically more onerous where the grid is (urban).

Yet with bitcoin-like PoW (proof-of-work), the electricity cost is the main input for mining new coins, yet the PoW can be submitted by wireless internet connection (cellular or satellite), so the power can be transferred to society with a very low cost connection (compared to wired connection to transfer centralized electric power).

My prior logic on this upthread:

https://bitcointalk.org/index.php?topic=285701.msg3061374#msg3061374
https://bitcointalk.org/index.php?topic=285701.msg3061171#msg3061171

Anyone thinking of mining a digicoin, should be locating a stream with high flow rate and steep drop:

http://www.energyalternatives.ca/content/Categories/MicroHydroInfo.asp


http://www.energyalternatives.ca/Downloads/MicroHydroCalc.exe
http://www.oregon.gov/ENERGY/RENEW/Pages/hydro/Hydro_index.aspx

http://www.alternative-energy-news.info/micro-hydro-power-pros-and-cons/


http://www.microhydropower.com/

http://www.cnbc.com/id/30194554


Diagram of system design:

http://www.whyhydropower.com/HydroTour2c.html

Palm oil bio-diesel

Another option is palm oil bio-diesel, 508 x 0.90 x 1.30 = 594 > 478 = 0.67 x 714 that for sugarcane ethanol:

http://grist.org/article/biofuel-some-numbers/

The 1.3 is that diesel motors are about 30% more efficient. The energy balance for palm oil bio-diesel is 6 - 8 versus 8 - 9 for sugarcane ethanol, yet factor in the increased reliability and longevity of diesel generators.

Again factor in my proposed use case that you use it on-site thus don't need to transport it to and sell it to a distributor (cut out middle-men) who take a cut before product reaches the consumer.

---

Talk (politics) is cheap (weak). Technology is what really changes the dynamics of mankind:

http://grist.org/climate-energy/solar-panels-could-destroy-u-s-utilities-according-to-u-s-utilities/

Mining would be a good store of value for excess power production in any alternative energy system with variable output based on environmental conditions - solar, wind, tidal, wave generation.

Good for the miners, yes.  Good for the network?  I think the there are better places for the network to spend money.

just to make a few alternative suggestions that might not have been kicked around yet ... with a view to moderate the mining arms race and to randomise who does the winning block ...

A Mining Right Lottery

Perhaps there should be a policy of block miners winning windows of say one or more blocks whereby their IP ( 4 or 6 ) is eligible to compete for the right to mine the next winning block.

This lottery might randomly choose an optimum fraction of the network's mining resources. Such a source of the candidate IPs could be picked sequentially, to save arguments, from the data portions of the blockchain transaction data

Standardised Hardware of miners

Maybe there could be defined a standard code, i686, x86_64, win32, win64 to start that was the only legal hardware with which mining could be done; a bit like:
 - when fishing laws restrict grid net sizes
 - international conventions restrict overspinning bullets, eye damaging lasers, poison gas or anti ballistic missiles
 - This could probably be enforced with the correct code audits somehow

You cannot audit code people compile on their own.
Laws never work, ie: murder is illegal... proof it doesn't work.

There is an article on this topic here: http://letstalkbitcoin.com/is-bitcoin-overpaying-for-false-security/

None of this will work. Read upthread my explanations about the input entropy. Sorry, I am not going to explain it again, you need to understand math and entropy. No offense intended, it is just I get tired of seeing Dunning–Krugers make the same error over and over again.

You have provided no solution for defending against a rogue NSA that will shutdown an anonymous currency. Politics is not going to be a solution for what is coming down the pike after 2015. The governments are planning to take everything down with them.

Your arguments against slightly (slow creep) higher debasement than was planned is irrelevant, as I have explained numerous times that debasement is good and required for an economy to grow. It is centralized debasement that is bad, where one group can manipulate the rate of debasement. No one can drastically alter the rate of debasement of Bitcoin or any PoW.

Yeah we have to stop ASICs or as I proposed, make ASICs available to everyone, because the major cost is the DRAM, not the ASICs in my proposed PoW algorithm.

So you want to continue your silly dividends of paying the debasement back to ourselves again. Accomplishes exactly nothing.

I have a design to defend against government packet filtering. Custom hardware won't help them, they will need to buy as much DRAM as the public has, and the public is going to buy it all up with my plan. The government can't make DRAM out-of-thin-air. DRAM plants require massive capital investments and time to ramp up. The government can force mining pools if the pools are P2P anonymous.

For a currency that wants to be anonymous, then if the NSA is attacking the currency in order to kill it, they could careless about profiting and the anonymity feature would also protect their identity. Merchants deal with charge-backs because the customer is not anonymous. Big difference with anonymous accounts and being unable to know which accounts to filter on past chargeback history or inability of the customer to provide the matching data on record for the card, i.e. the CVV2 code, name, and address. Customers can't get chargebacks these days without a valid reason.

It only takes a small amount of double-spend activity to send everyone running from the currency, because they can no longer trust to receive it in payment. There would be a stampede to get out, causing a waterfall crash in value.

The attacks from possessing a significant portion of the PoW difficulty are not limited to double-spending. The adversary can delay transactions. Assuming 10 minute blocks then with 90% of the difficulty, the adversary could with delay by 10 minutes 90% of the time, 20 minutes 81% of the time, 30 minutes 73% of the time, 40 minutes 66% of the time, 50 minutes 59% of the time, 60 minutes 53% of the time, ... to 2 hours 28% of the time.

Your prediction markets will suffer from the irrationality of the masses, as well any voting system is always vulnerable to manipulation.

I don't want to lobby the government. I want take away their cookie jar and shut them down. We can't negotiate with crooks and sociopaths. We have to remove what gives them their power. For as long as they can feed debt and socialism to the masses, the masses will be fooled.

http://armstrongeconomics.com/2013/09/08/agencies-never-obey-the-law/
http://armstrongeconomics.com/2013/09/08/are-they-going-after-safety-deposit-boxes/
http://www.nestmann.com/civil-forfeiture-of-cash-it-could-happen-to-you


In conclusion, the marginal utility of increasing the difficulty of PoW is roughly constant until it reaches the size that governments can't possibly overcome. Since it is difficult to know what that level is, and since the harm that governments do now is much worse than 5% per annum debasement, and since we are paying it to ourselves, since most of us will be able to mine with the improved PoW algorithm, then it is a no brainer. Not to mention this will fund development of more efficient and decentralized energy as I have pointed out upthread, which can greatly help mankind.

P.S. Pedantic correction to the facts in your article, control of any higher than 50% of difficulty can mount an attack, doesn't require 51%.

P.S.S. I am glad you are continuing with your wrong design, it leaves the market wide-open for me.

My aim was to use DRAM....  if you have an algorithm that can use a large amount of DRAM and yet can still run quickly enough to validate the work in a fraction of a second then share it.    If you are not willing to develop in the open and share ideas then stop posting your claims.

I want to be friendly and I do like you and I think you are talented.

I can't agree to your design, but I wish you best of luck with it.

I am pursuing my own design, so since you are ahead of me in implementation, I can't share any more about specifics at this time.

I don't forsee that I am copying any of your design ideas.

I tried to see if we had enough agreement on the design to work together on the same coin, but we don't.

Maybe we can work on something else in the future. Regards.

Just to be clear, you gain nothing by keeping your work secret, because if your POW is that great, I will just switch to it once you do announce it.   If you are going to use patents and IP then you are resorting to government privilege and coercion. 

I am happy if you copy something that I have released in a product. I would release my work as open-source.

I am simply not ready to release (nor to explain, test out my theory, etc) because I am busy creating a computer language:

http://copute.com/dev/docs/Copute/ref/compiler/Xtext/
https://groups.google.com/forum/#%21topic/scala-debate/LWBz3-Q0pNI

The powers-that-be are up to something about a power-kill-switch:

http://armstrongeconomics.com/2013/09/11/beware-november-13-14/

I wrote this on Mon 18 Oct 2010 - 19:52.

Thanks for posting that!

• It is impractical for them to enforce that proposed wiretap backdoor legislation, people will simply move to P2P and rogue anonymous software for doing so. This will be effective against large, popular sites though.
• "Internet kill switch" is technically impractical, because TCP/IP is self-healing and will route around any networks that are taken down. They can kill major arteries, but the internet will go virally P2P in a very short time.
• Technically, SecureBGP (BGPSEC) can't be widely implemented because it won't scale well beyond the major arteries. Ad hoc routing with TCP/IP will route around it, if it becomes a block (nature sees it as non-functional and routes around due to Coase's Theorem). The fact that BGP is P2P now, means that it will be impossible to go back to making it centralized.
• Regarding intellectual property policing, a decentralized DNS is feasible and will be incentivized by the govt's fascism.
• All of this is like the Napster experience-- the more the authorities attacked, the more P2P alternatives popped up and the more people that participated in downloading music for free.  The govt is powerless (as usual), but they will hold sway over the large sites and arteries.
• "Computer health certificate" is so impossible, I really doubt the competence of the author of the link you provided.
• Cloud computing can be P2P.

Yes we have a battle coming between the State and the individual.

I voted 1million .

But my follow up question is:

Whats $1 worth ?

+1

Wow an unusually concise and positive statement,  which is also backed up by truth, but id go further..

Generally "Government" is not the enemy here friends.

"Government" really truly is the sum of its many parts and corruptions.

"Government"  in its self , isn't the wall of oppression its sometimes made out to be.

Its much better to analyze problems back to the cause, if you think about that deeply,  how often is "Government" the problem.