Majere.  (He still shows up in the send list when I use the burst wallet.)

Has there been any work on the development environment for AT?  The spec at CIYAM seems very low-level.

Is a crypto API going to be added to it?  Doing crypto using the AT instructions would be very expensive.

How does the AT code interact with reward assignment?  Vitalik Buterin thought up a mining contract where the terms of mining would be very enticing, and would lock participants' coin into the contract using a heavy penalty once the mining pool controlled more than 50% of the hashing power, giving the controller of the contract the power to double spend.  Such a malicious arrangement could be simplified if AT code can automatically set reward assignment.

It would be great to see the source code for the AT branch of burstcoin.  Is it available anywhere?

I ran into a similar problem recently... seems to be corrected when I reboot (verified over three reboots, now.)  I haven't figured out why yet, doesn't seem to be  clockskew or the drives getting  slower the longer the system is up...

dcct-miner on Ubuntu Trusty

Hmm, you make a strong case...

Cool.  I don't have a windows machine, though.

What's the best linux solo miner, these days?  I'm seeing pretty poor peformance with dcct-miner, and I'm looking for some other miner to provide a basis for comparison.  I've averaged about a block a day from 38TB of plots.  It's taking about 110s to read the plots in, which has been typical for a few weeks.  (I know, I should optimize... I'm getting there...)

This is the distribution of delays I've seen over the last three days.

I'm pretty sure that for $50M you could 51% bitcoin.  Last time I calculated it, the cost was around $100M if you paid retail for the ASICs, and anyone with that kind of money could fab them for much less.

That's not to say the oligopoly isn't a weakness, but the attack will come in some subtler way.  The State Department didn't buy PayPal in order to shutdown payments to Wikileaks, they just claimed Wikileaks is a criminal organization, implicitly threatening to punish PayPal  for Wikileaks transactions.  If you ever see mining pools refusing to record some form of transaction, probably something like that will be going on.

mczarnek, have you seen this exchange with Luke-Jr?  It may answer some of your questions.



Still working on the ASIC resistance.  So far, I've got an explanation of why ASIC resistance is important.   Sorry it's taking me a while.

(Meant to be read in emacs org-mode.  Lines with asterices are headings.  More asterices means lower in the heading hierarchy.)

* The ongoing centralization of bitcoin mining

** The role of mining in securing a cryptocurrency

Bitcoin's key innovation in is "mining," a way to encourage people to
make an economic commitment in order to participate in a distributed
consensus about the history of bitcoin transactions.  It's essentially a
lottery where you "buy" tickets by running a certain computation.  Each
computation generates a lottery ticket and, roughly speaking, if your
ticket has the right number you get to specify the recent transactions
which are appended to the official history in a "block."  (The official
history is usually referred to as the "blockchain.")  One of these
transactions is usually a reward to yourself, and these rewards are the
financial incentive for mining.  If you think of bitcoin as roughly
similar to a credit card system, winning the mining lottery is like
becoming the system's payment processor for a very brief period.

In terms of security, the main benefit of mining is to ensure that it's
very expensive to rewrite a transaction after it goes into the official
record.  Very roughly speaking, you would need to generate approximately
the same number of lottery tickets as all mining participants have since
the transaction was recorded.  A second benefit is that the process is
massively parallel so in principle many people can participate in it.
This decentralization makes it hard to organize collusive manipulation
of the transaction history.

** Economic incentives to centralize mining

There is a strong incentive to do the mining computations as quickly and
as cheaply as possible: The more lottery tickets ("hashes") you
generate, the more often you get the mining reward.  The equipment and
electricity required to generate hashes at a given rate are now about
100,000 times cheaper than they were when bitcoin started. These massive
efficiency gains have mostly been due to the fact that bitcoin initially
ran on commodity CPUs which a huge fraction of people in the developed
world already owned, and now mostly runs on specialized hardware which
is mostly only useful for bitcoin mining, and the fabrication of which
depends on hundreds of thousands of dollars of initial research and
development.

Bitcoin mining thus now requires capital-intensive infrastructure, and
this has predictably led to centralization, i.e. While many were happy
to try out bitcoin in the early days with their spare CPU cycles, far
fewer are prepared to commit $2900 upfront for a mining appliance on the
argument that current conditions suggest they would recoup their outlay
in 100 days or so.  Even though ever more capital is committed to
verifying the bitcoin transaction history, it is being concentrated in
the hands of fewer people.

Another factor which has contributed to centralization arises from the
extremely sporadic (though large) minining rewards.  For instance, using
the above-mentioned $2900 bitcoin mining appliance, at the time of
writing the expected time between winning the lottery (about a $10,000
payout) is about 11 months, with a 10% probability of taking over 25
months. This high variability in payouts forces a mining operation to
keep a lot of cash on hand for ongoing costs like electricity and loan
repayments.  One way to smooth this pay schedule out is to pool efforts
with other miners.  With 1000 such miners cooperating, the expected time
to payout is just 8 hours, and a cashflow of $10 roughly every 8 hours
is much easier to manage than $10,000 roughly every 11 months.  And of
course the bigger the pool becomes, the lower the variance gets, so big
pools have a competitive advantage just from their size.  

This is a powerful centralizing force which has led to the majority of
hashes being generated in the service of just four mining pools at the
time of writing.  If the four entities running those pools were to
collude, they could rewrite the transaction history.  In June 2014, one
of these pools (GHash.IO) came to control 40% of bitcoin mining power
because it used its size and connections to present a sweeter deal to
miners than other pools could.  There were widespread concerns at the
time that the integrity of bitcoin might soon depend on the sheer good
will of GHash.  Many GHash miners moved to other pools in order to
prevent that, but in doing so they acted against their own short-term
economic interests, a clear failure of the mining incentive scheme as it
was originally intended, though so far not a catastrophic one.

* Attempts to make mining less capital-intensive

The centralizing force of customized mining hardware ("ASICs") was
widely recognized fairly early, and people attempted to mitigate the
issue by developing memory-intensive mining algorithms which they hoped
would run most efficiently on commodity CPUs.  It was hoped that since
with these algorithms most of the computation time is spent keeping track
track of large, mutating data sets, custom hardware would not provide a
significant advantage compared to the memory cache on commodity CPUs.
This has worked to some extent -- for instance, the per-hash cost of
custom hardware for mining LiteCoin (the first cryptocurrency to use
such an algorithm) is only about 100 times lower than mining on a
contemporary CPU.  However, the start-up costs necessary to gain this
efficiency are still high enough to motivate intensive centralization --
such a device currently costs $1600, and three pools currently control
more than half the LiteCoin hashing power.

There are also people researching mining algorithms which are so
computationally flexible that specialized hardware just doesn't make
sense for them.  SAT...

I just want to remind you that you said you were holding on to 10k burst until you could get 800 sats a piece for them.

I'll take a crack at this.

BURST.  Completely new algorithm for securing the blockchain, based on proof of storage capacity rather than proof of computation.  Much more efficient than existing cryptocurrencies, lower marginal cost for mining, therefore lower transaction costs.  Forked from and tracking NXT, so it's got all of NXT's sophisticated transactions, as well as a few besides.

Be careful, you can still end up with a low-entropy password that way.  A machine-generated password is safer.

In this context, the details of the mining calculation themselves aren't that important, it's just that it takes substantial time to look up and process that many plots.  Knowing that you almost certainly have the best deadline means that you can get a jump start on that process.

Thanks for the thoughts about where to go next.  I may take a crack at writing an explanation about ASIC resistance at some point.

Most of the time, the attacker is going to get the best deadline on a fork, at least initially, particularly with no "Nothing at Stake" advantage, so it would make sense for an attacker to start calculating for the next fork as soon as his own best deadline is calculated.


I'd love to hear your opinions about the highest priority extensions needed in burst and the burst ecosystem.

This is not "Nothing At Stake."  That is an attack which can only work on a Proof of Stake currency (I know NXT has some defense against this.)  The idea is that since the mining process verifying the blockchain only requires a commitment of the currency the blockchain is tracking, it costs you nothing to mine on all current forks, giving a forking attack a substantial advantage.  That can't happen in a mining process which requires an economic commitment external to the blockchain.  Buterin is the guy to read about this.

That's a good point.  How about a second login field where the user password is used to unlock a wallet in local storage containing a high-entropy machine-generated password, and making that the default for creation of new accounts?  And deprecating the existing login field with lots of scary warnings about easy passwords, adding a basic password checker to it, and a warning that acceptance by the checker is only the weakest possible assurance of password security?

I just broke the "send message" dialog by including an apostrophe in the transaction amount field (by copy/pasting the account balance and then reducing it slightly.)  The dialog has hung for over five minutes, saying "Submitting."

Would there be any interest in including something like http://www.passwordmeter.com/ into the passphrase pages along with some warnings and links to past thefts, to really beat people over the head with the importance of choosing a strong password?

I think this is the relevant patch.


Come-From-Beyond claims that there were a number of deliberately-introduced vulnerabilities in the original NXT source code, to deter NXT clones.  It sounds like an incredibly irresponsible thing to do, but there it is.  Supposedly they're all patched, now.  Someone here probably knows the date of the last such patch... the NXT source should be checked for  patches to any vulnerabilities reported prior to that.


People should panic-sell.  Just let me in on the bargain-basement prices. :-)

By random, do you mean randomly machine generated, or chosen manually by you?



It looks like you have recently had security issues.  What steps have you taken to mitigate them?