Bitcoin Forum

So I've been thinking...
 bitcoin mining seems like such an unfortunate side effect of the system since it is so wasteful. It will be a bit obscene how much will be spent mining if the network ever gets large. It would be cool to come up with a bitcoin that doesn't need miners.

There are several issues but I’ll ignore how coins are distributed and focus on the central problem of creating some way to trust the central ledger*.
Currently this is what mining solves. The network trusts the ledger with the most mining done on it. So now to trust bitcoin you have to trust that >50% of the current mining power is "good". And actually the way the network has evolved with pools we are actually trusting that every large pool operator is “good” since even if the pool isn’t over 50% the operator could have non-pool mining going on bringing the total over 50% or two pools could collude to defraud the network etc. Also if say some government decides to wreck the network it wouldn’t be that expensive for them to do so. (This is all discussed in other threads so no need to go into this here) My point is that although the current network uses mining as a way to solve the trust issue it really doesn’t since you still must trust the large pool operators.

My idea is to make this issue of trust explicit.

Let’s say a node has a public key that the client generates for them. There is no connection between this key and a wallet key. It just allows you to be sure you are talking to the node you think you are.

So when you run a node you choose which other nodes you trust. So you could say “I trust my 3 friends’ nodes, Gavin’s node, and these 5 businesses’ nodes.” This trust just means that you believe these people will never participate in a double spend attack or otherwise manipulate the ledger. 
The ledger would basically be like the current bitcoin block chain but it would also have a list of what nodes believe the current ledger to be valid. <hash of current ledger signed by node’s public key> (This list doesn’t have to be complete. Nodes can just collect this list as needed. They could even just ask the nodes they trust if they think the current ledger is valid since those are the only ones they care about)

Transactions are still sent to all nodes connected to the network. There would be a network wide timestamp. Transactions would only be accepted if they were within a certain time period of the network timestamp. So you would need to wait maybe 10min before you could fully trust a given transaction. After this waiting period you could be sure those coins weren’t double spent.

If a node ever encounters two conflicting ledgers it would just go with the one that was validated by more nodes that it trusts.

So there should always be a consensus among the trusted members of the network.

There would be a way to look up particular nodes in the network and ask them questions. (I’m imagining this whole thing running on Kademlia, a DHT)

So obviously this is still vague because I haven't had time to work out all the details. I’m hoping someone else will be inspired.

ok rip into it!

*(I guess you could try to come up a way to get rid of the central ledger but I have a feeling that might not be possible)

One thing to keep in mind, I think, is that mining is in its infancy. The majority of network computing power comes from giant power sucking video cards, because that's what happens to be useful and on hand. ArtForz's ASICs are (IIRC) 6x more power efficient than 5970s, and that's just the work of one man.

Additionally, in the future miners might be mining against any number of block chains simultaneously, distributing the energy and monetary cost of mining across multiple systems, Bitcoin being just one of them.

I'm not saying there's no place for a trust network, either in place of mining or in addition to it (maybe "I trust these nodes would never engage in an attack on the network"), but I think it's important to keep in mind that the future will most likely look nothing like the present.

I stopped reading right here.  Bitcoin is not wasteful, even now.  It's several orders of magnitude more energy efficient than the fiat currency systems in use around the world.

I would argue that it will be even more consolidated. There will just be a few large mining operations and some big pools. This makes the issue of trust even worse.

Just because it is less wasteful than another wasteful thing doesn't make it not wasteful. You are basically saying: "The model-T is much faster than the horse. There can't be anything faster!"

BitterTea: It also doesn't mater how energy efficient the card is. They will just use more cards to mine then.

P2P can't work with a simple one node one vote system. Anyone can swarm the network with corrupt nodes that will trust each other. This is like comparing pragmatism with truth. The fact that a lot of people pretend something is true doesn't make it true. Keep in mind that it is much cheaper to set up a node than to provide hashing power.

The second problem and one of the main advantages of the block chain that you are missing, is that proof of work secures the earlier work as the chain expands. You are only focusing on the concept of validating transactions while avoiding double spending. In your system, I can attack the block chain by corrupting earlier parts of it, this isn't possible with the proof of work system that we use, because the cumulation of that work makes deeper blocks exponentially harder to attack.

That's conjecture. Maybe in the future every person has a solar powered Bitcoin Box with a hardware encrypted key storage mechanism and an energy efficient ASIC doing hashes. We'll only know when that time comes. Also, as creighto has mentioned many times, merchants will have a stake in securing the network as well.


The amount of economical mining activity is a function of the generation subsidy size, purchasing power of a bitcoin, and energy costs. Anyway, security against double spending isn't the only function of mining, it also serves to distribute the currency initially. Unless you have another method to do so, mining is still a reality until all 21 million coins are distributed.

goatpig: This isn't one node one vote. You only trust the nodes you trust. If someone sets up a million nodes that all trust each other you don't really care.

You can't change the ledger in any illegitimate way without the current pool of trusted nodes noticing and rejecting your change.

I would like to see numbers that prove it.  The current network consumes 2MW of power constantly assuming (on average) 2MH/s/W. It's about 2 million USD per year. Of course that's not much compared to the money used for fiat money flow but for a 45 million USD money supply it's a lot.  And then you have a few million of USD in equipment that based on Moore law will be worth a fraction of the current value in 12-18 months. When you add human work (building and maintaining miners), you have a lot of cost for the amount of money supply that is handled by a small bank.

At the very best, Bitcoin is as efficient as the fiat currency system dollar per dollar and likely less efficient.

P.S I know about the cost of bailouts but Bitcoin is yet to start handling loans. And it were loans not money transfers and money flow that needed a bailout.

Sure it is. Your web of trust system only establishes a list of whose vote you are acknowledging in your decision of which actions on the block chain is valid or not. You still need a system to define which votes are bogus within the web of trust, unless you start from the premise that it can't be corrupted to begin with, which boils down to 2 possibilities:

1) The web of trust is closed to the public. Entry is only made possible upon vouching, decisions are all considered correct, which all boils down to handing control over the most trusted node in the system, or a group of them that will never dissent. As such, you have lost decentralization, and your network is thin, and xenophobic. Not good for business.

2) You are delusional.

If you assume your web of trust can be corrupted, then you need a mechanism to detect corrupt votes. In your outlined system, I discern 2 ways to do so:

1) 1 vote, 1 node. Vulnerable to swarms

2) votes are weighted by trust of the emitter. Inviting representative democracy into the system, worst case scenario would be complete centralization of the system, as the trustee group can reject actions from anyone at a whim.


Doesn't work like this. If that gigantic group's action affects the value of the same commodity by being part of the network, your wealth is effectively in the palm of their hands. There can't be several trust groups within the same network because they both affect the face value of your commodity. If entry in the network is submitted to the rules of the trust group, same problems as above apply.


Effectively centralizing the decision making once again. The same trustee group that watches over block chain corruption can corrupt it to its benefit. Also your system lacks a mechanism to discern which chain is the valid chain. Lacking such feature, a swarm can support a fake chain and screw over anytime.

goatpig:
I think you aren't exactly understanding the proposal.
You have a list of nodes that you trust. These guys are the only ones who's vote you listen to. The idea is that if there are enough people you trust online it can't be compromised. A good amount of nodes you trust will be online at any given time. So they will see first hand if transactions should be added to the ledger or not. You are not relying on who they are trusting in turn if that is what your issue is.

People publish their node's public key you can add it to your client if you want. There are enough people even on this forum I would add. Keep in mind that you don't really have to trust them. You just have to trust that >50% of them wont be working together for some nefarious purpose.

This scenario wouldn't be two competing ledgers it would be a ledger that is trusted by 99% of the legit nodes and a ledger held by a million fake nodes that no one trusts. You aren't the only one that wouldn't believe their BS ledger. No one legit would. So they aren't really a "part of the network."

It is the same thing going on right now with bitcoin we are all implicitly saying we trust deepbit, artforz etc.
In the new system you would just add them to the your list of trusted nodes if you wanted.

If you still don't see how it would work could you please describe a specific attack that would compromise it?


BitterTea:
 Yeah I have a method but I want to make sure there are no holes in this first.

It sounds somewhat like Ripple.

Satoshis original design goal was a system with no trust at all .... you just had to have confidence that "honest nodes" control most of the hash power, but beyond that you don't have to do any setup or trust anyone in particular.

Your proposed system is quite different, and relies heavily on trust networks. It would be quite hard for somebody who just found out about it via reading Forbes or whatever to get involved because they wouldn't be likely to know anyone who they could configure their software to trust.

I'm not saying it's a bad design, just that it has very different tradeoffs to Bitcoin.

What is and is not considered waste is in the eye of the beholder.

Mike Hearn:
A new person could run the client fine. You don't have to enter in anyone that you trust to use it. You only need trust to resolve issues when there are two competing ledgers. And that should be a very rare event.

Yeah I know but that isn't actually how it turned out. Like I mention above we actually are trusting the big miners and also trusting that some government or corporation doesn't stick in X million of hashing power and compromise the network. I feel like this system is actually more secure.

I actually don't think it has different trade offs. Is there some other advantage to the current bitcoin that I'm missing?

If I don't have to choose who I trust then how do I know what I see on the screen reflects the same reality other people see? In particular, if I want to become a merchant, how do I stop somebody from connecting to my node and feeding it fictional transactions that show me being a millionaire?

Currently I don't really have to trust any miners. According to the bitcoinwatch site, no pool has even 40% right now, and in the long run I expect mega-pools to be even less common. If somebody were to reverse a transaction everyone would see it and then I might re-evaluate, but currently I can connect any random node, download the chain and be absolutely sure I'm on the same page as everyone else.

You would need not just 50% of the world's hashing power, but closer to 95%+ of it if you wanted to pull off any meaningful BTC scam.  That means you would need twenty times more hashing power than the rest of the world combined.

Mike Hearn:
If you want to become a merchant yes you should enter in some nodes that you trust. If you are just a random person checking out the software then there is some bootstrapping process (like there is for bitcoin) that gets you connected to the network. At that point everyone you connect to will tell you the hash of the current ledger. If you notice a discrepancy then yes you will have to jump through some hoops. Come to the forum and ask for a list of trusted nodes or something. But again this level of trust is very low. You could pick 100 random forum users and be fine.

You don't have to trust a particular miner but you do have to trust that artforz and deepbit aren't conspiring. Which is analogous to having to trust that more than 50 of the random forum users you picked to trust aren't working together.

kjj: I don't think so. You can steal the vast majority of blocks from then on by storing up blocks you generate and release them only when someone else also solves one. Not sure if you consider that meaningful or not. (There was some long ago thread about this that I can't find now) You could double spend by getting one block ahead of the good network and then just stay ahead until you are ready to drop your one block longer chain.

+1 & MajorRespect x 10^~ to jed for reviving this topic!

No matter how power efficient the ArtForz farms will be, they will continue to create more and more environmental pollution simply to do complex busywork. Worse than that: they will continue to centralize the control and wealth in the fairytale world of "decentralized Bitcoin" around the biggest concentrations of greed, just as the current banking systems do...

I also for once agree with BitterTea that "...the future will most likely look nothing like the present." If something like what jed is proposing is unworkable, i think the future is with a block chain or whatever chain that comes with an API into which any entity can throw its large computational problems.

In addition to the relatively trivial tasks of "processing financial transactions" and creating the money supply, such a system might reward the p2p nodes at a variable, difficulty-based rate for solving the milestones of the computational problems constantly being fed into the API from any entity that needs the computing power.

It might be kind of like Folding@Home for profit, and not just focused on a single problem. It would be a complex system, but so is the modern monetary system, or a modern computer compared to an abacus, or an ArtForz farm of optimized abacuses that we have now...  :D

At least such a mining system would work on useful problems, rather than just harnessing greed to create a controversial, pseudo-decentralized monetary system, along with so much heat and electrical power plant emissions... ;D

So Big-Up-Yo-Self to jed and to all who wish to fundamentally improve on the wastefulness of the Bitcoin system! :D

It is not wasteful, it is maybe less efficient than other solutions.

Do you consider gold or diamond mining (above that necessary for industrial use) wasteful?

No thanks, Dude!  ;D I am not going to load up an important thread like this with the noise of debating Madison-Avenue euphemisms, just so i can become a "Hero Member" with Superglobalistic Moderator on top... :D

We all know what and which way the GPU fan winds are blowing... ;)

The time to find a block is not a linear function of your hashing speed, it is a probabilistic process.  Having 10% more power than the other guy doesn't mean you find blocks 10% faster, it means that you have a ~5% chance of finding it before him.

Say that you fraction of the global networking power is X, where 0 <= X <= 1;

The probability that you will be able to do this for one block is X
The probability that you will be able to do this for two blocks is X^2
The probability that you will be able to do this for three blocks is X^3
The probability that you will be able to do this for four blocks is X^4
Etc...

Actually, those are the high end estimates.  In reality, you will need another factor, Y, to correct for the portion of the network that believes in the attack chain.  Over time, Y will get smaller and smaller.

Since this topic keeps coming up over and over again, I'm going to propose a potential solution: every time a node reshuffles, they should make a note of which peer it came from.  More than three reshuffles from the same peer in like 24 hours, and that node is dropped.

Interesting proposal.  I think that this requires it's own thread, to discuss how to do this.

Agreed.

kjj:
So let's assume an attacker controls 60% of the network.
He makes a big transaction that is sent to the whole network.
He stops generating blocks on the legit network.
He now starts generating a new chain without the large transaction but not sending it to the rest of the network.
His fake chain will eventually grow longer than the real chain.
At some point of his choosing he publishes his longer chain to the real network.
The fake chain is now accepted as real since it is longer.


This doesn't help. It is trivial to just send from a new peer.

The (non-existant, we really need a programmer to develop this) 'blockchain watchdog' process would ringing alarm bells after the 60% miner had left the network.  Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking.

only if you count the number of guns necessary to force us to act as if fiat is a good store of value, and the salaries necessary to pay the thugs and pump out the propaganda, etc. 

Are you spying on me? (wait, I guess not since you don't know what I'm doing). I give loans. Loans don't cause bailouts anymore than shoes cause dancing.

The attacker doesn't need to be part of the honest network before launching an attack at all, so you would not see a sudden drop in hashing power. A longer chain would just appear out of nowhere.

Once some group controls more hashing power that rest of the miners combined, bitcoin reality is exactly what they want and nothing else (can't do anything that would invalidate blocks in the eyes of honest nodes, like change block reward etc). If they are honest, then no problem, but if they want to attack the network, they can just grow their own chain, refuse the blocks generated by honest nodes, but force honest nodes to accept attackers block. Honest nodes can't differentiate between attackers blocks and honest blocks (because they are decentralized), while attacker knows which blocks are which. It doesn't matter if honest nodes get ahead for a while. Attacker will always catch up, and all the work honest nodes have done would be replaced with the attackers "reality".

This idea of a watchdog system is nice, but I'm not entirely sure how much it would help if someone truly has a majority of the hashing power. I mean, even if you knew with 100% certainty, that someone is attacking the network with a majority hashing power, and maybe even how and when it's going to happen, what is the mechanism that would be used to prevent the attack in a decentralized system like bitcoin? Like you said "Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking". I'm not sure there is anything they can do, without giving up the decentralized nature of bitcoin.

Bitcoin is secure "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network", but not a second longer.

There are a number of things that live operators can do to inhibit an attack under way, not the least of which is to bring more hashing power to bear.  An attacker coming in unannounced with blocks would cause a significant revision on the blockchain, not something that can be stopped, but it's a huge red flag.  A watchdog process could alert users to an attack underway, and any commerce site using bitcoin in any automatic fashion should immediately suspend trade to protect themselves.  Also, nodes are not anonymous to each other.  It's not trivial, but it is possible to determine from where the new blocks came from.  Also, and attacker coming in from outside the network needs at least as much hashing power as the whole honest network, not just 50%.  Just having a simple majority of the hashing power is only enough to make the attack possible, it doesn't make it easy.  To build a chain in the dark, the attacker must have significantly more than the whole of the honest network in order to build his dark chain fast enough to get back far enough to overwrite his intended target block.

Who has that kind of hashing power just waiting to be used with a push of a button? Perhaps in future someone with vested interest in protecting bitcoin and hardware that is regularly used for something else? Ok, I can see that happening, but almost any other action you can take when the watchdogs are barking requires choosing the valid block chain with some other criteria than which one is the longest.


Really? How?


That's true if the attacker retroactively decides to rewrite some past block. What I was talking about was, when double spend (or some other attack) is planned in advance, and the attacker starts hashing the dark chain from the same block as honest nodes.

I'm not at liberty...

It's generally true.  It's not so straight forward.

creighto: Even if you are correct that there is some hidden pool of mining waiting to be put online it doesn't change my original point that bitcoin as it is now depends on everyone trusting a few random people. We are implicitly trusting a couple large miners and a couple pools and your secret hasher.
My argument is that we might as well make this trust explicit. It will be much more efficient, and way more secure.

There's no way this would be more secure. Under your system, somebody needs to (1) somehow find out who your "friends" are (who you trust) and (2) make 50% of them dishonest. Under bitcoin, somebody needs to make 50% of everybody dishonest.

trippy: If you follow the thread you see that in bitcoin you don't need to make 50% of the bitcoin users dishonest. There are maybe 3 people that need to colude to break bitcoin or more likely 1 government.
In this proposal you could pick 100 or 1000 random forum users and you would be *way* safer. If you bothered to be more discriminating and actually picked people you knew you would be even safer still.

Also there isn't a way for someone to figure out who you have chosen to trust. (Trust is the wrong word. These are people you don't think are working together. You can actually choose all people taht you know are corrupt as long as they aren't colluding)

OK 50% of the computers. But the mining difficulty continues to go up all the time.

Nobody wants to go through the forum and select random users, and yet as soon as you program a computer to do it, people will figure out a way to game it and make it choose untrustworthy users. You seem to require ordinary users to use trust systems, but these have never yet caught on.

I largely agree with Mike Hearn here. Maybe you should have a look at Ripple.

PS Good luck figuring out how the money is initially distributed and later minted.

These probabilities mistakenly assume that the attacker always builds on the last block.

However, the attack is, as satoshi discusses in his paper, to pick some block to build on and stick to it. If X>0.5 you can cut a branch however long you want, given enough time.

For example, if X=0.6 and you want to cut 10 blocks, after some time period the attacker will find 33 new blocks while the honest network only finds 22, making the attacker's branch win.

Bumped in to this old thread. This was probably the starting point for Jed's projects Ripple and now Stellar.

Yes. This is a valuable piece of history now!

Agreed. Now stop scamming people with that Ripple and XRP nonsense.

If Democracy is subject to a 51% attack  how did Donald Trump win with 62.7m  vs 65.3m for Clinton?
The answer is:       hint I know the answer


All POS coins are simply unlicensed banks issuing coins backed by nothing.
At least POW coins are back by hard 'iron'  machines that serve a useful purpose  they convert electrical power to coins.
The world wide grid needs the ability  to shunt excess power. Rainy season  next to a hydropower plant is one example.
ie you do not shut the river off  so what do you do with  1000MegaWatts of excess power.  The answer is sell it cheap to a bigass mining farm so the power is not wasted.


Due to Pow coins ability to stablize the power grid world wide they will continue to exist for years to come.