Bitcoin Forum
3401  Alternate cryptocurrencies / Altcoin Discussion / Re: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) on: January 18, 2016, 08:53:22 PM
ArticMine PMed me after I wrote that flaming post, and said he would reply after studying my posts. He has not yet replied. Does that mean I am correct and there is no solution for Monero? I think so.

It is fundamental. Afaics, you'd have to completely rewrite Moaneuro.

Rewrite Monero, is not necessary at all but some documentation on how the Cryptonote adaptive blocksize limits actually work is needed, especially given the formula in section 6.2.3 of the Cryptonote Whitepaper is wrong. https://cryptonote.org/whitepaper.pdf. My response will come in time.

I will start by examining the Cryptonote Penalty Function for oversize blocks. This is critical to understand any form of spam attack against a Cryptonote coin. From the Cryptonote whitepaper I cited above the penalty function is:

Penalty = BaseReward * (BlkSize / M_N - 1)^2

The new reward is:

NewReward = BaseReward - Penalty

Where M_N is the median of the blocksize over the last N blocks
BlkSize is the size of the current block
BaseReward is the reward as per the emission curve or where applicable the tail emission
NewReward is the actual reward paid to the miner
The Maximum allowed blocksize, BlkSize, is 2 * M_N
The penalty is only applied when BlkSize > (1 + B_min) * M_N, where 0 < B_min < 1. In the Cryptonote whitepaper B_min = 0.1.

The error in the Cryptonote Whitepaper was to set NewReward = Penalty

For simplicity I will define:
BlkSize = (1 + B) * M_N
BaseReward = R_base
Penalty (for a given B) = P_B
NewReward (for a given B) = R_B

The penalty for a given B becomes:
P_B = R_base * B^2
While the new reward for a given B becomes:
R_B = R_base * (1 - B^2)
The first derivative of P_B with respect to B is
dP_B / dB = 2 * R_base * B

In order to attack the coin by bloating the blocksize the attacker needs to cause at least over 50% of the miners to mine oversize blocks and for an expedient attack close to 100% of the miners to mine oversize blocks. This attack must be maintained over a sustained period of time and more importantly must be maintained in order to keep the oversized blocks, since once the attack stops the blocks will fall back to their normal size. There are essentially two options here:

1) A 51% attack. I am not going to pursue this for obvious reasons.

2) Induce the existing miners to mine oversize blocks. This is actually the more interesting case; however after cost analysis it becomes effectively a rental version of 1 above. Since the rate of change (first derivative) of P_B is proportional to B the most effective option for the attacker is to run the attack with B = 1. The cost of the attack has as a lower bound R_base but would be higher, and proportional to, R_base because miners will demand a substantial premium over the base reward to mine the spam blocks due to the increased risk of orphan blocks as the blocksize increases and competition from legitimate users whose cost per KB for transaction fees needed to compete with the attacker will fall as the blocksize increases. The impact on the coin is to stop new coins from being created while the attack is going on. These coins are replaced by the attacker having to buy coins on the open market in order to continue the attack. The impact of this is to further increase the costs to the attacker.

It is at this point where we see the critical importance of a tail emission since if R_base = 0 this attack has zero cost and the tragedy of the commons actually occurs. This is the critical difference between those Cryptonote coins that have a tail emission, and have solved the problem, such as Monero and those that do not, and will in a matter of time become vulnerable, such as Bytecoin.

Afaics, the above does nothing to remove/ameliorate the Tragedy of the Commons in Satoshi's mining algorithm[1], except if viewed as short-term solution while no miners have a significant percentage of the network hash rate.

The problem is that as I explained for Ethereum, as transaction rate scales up and thus the block reward is dominated by fees, then unless there is a uniform distribution of hashrate amongst all full node miners (which is of course impossible since not everyone can locate their mining equipment next to a hydropower plant with 2 - 4 cents electricity or for that matter perhaps free subsidized electricity in corrupt environs such as China), then those miners with more hashrate will have lower costs of verification. Thus they will be more profitable and can buy more hashrate faster than the other miners. Thus mining will entirely centralize over time, because the economics are designed to centralize mining. So since mining will centralize, then attaining 51% of the mining power will be guaranteed and thus the above algorithm can do nothing to stop miners from spamming the block chain size by paying transaction fees to themselves. But of course with 51% of the hashrate, they can do anything they want, except up to the limits of what public perception will tolerate. I am assuming of course that transaction fees in a free market will reflect actual (marginal) costs and that verification cost will be significant relative to other costs such as bandwidth.

There is also afaics a math flaw in ArticMine's analysis. Unless N is very small, then a miner with a significant but less than 51% hashrate is going to win a block in most every N set, and thus they can hit the 2 * M_N hard limit every time (or what ever rate of increase they deem most cost effective according to the Penalty cost being a function of a square), gradually ramping the median block size up over time. Thus the spam attack is not avoided, rather it just takes longer. And again I had pointed out that by shorting the coin, they can potentially recover their lost block rewards and profit. And if N is very small, then the likelihood that a miner can win all N blocks with less than 51% hashrate increases. Also it is not clear to me from ArticMine's specification if N is overlapping meaning a FIFO queue? But I doubt that makes any difference to my conceptual math point (note I have not written down the equations to precisely quantify this alleged flaw).

Also the 2 * M_N hard limit means that block chain can't handle transient spikes in transaction load, e.g. such as would be required by Lightning Networks (which has sort of a garbage collection overhead which manifests as large spikes in transaction load).

Conceptually at the highest-level semantic model of the generalized essence, an anti-aliasing filter on transaction rate can't ameliorate the fact that a spam transaction is indistinguishable from a non-spam transaction.

To solve this problem we need to make the cost of what is burned when submitting a transaction greater than the cost of cumulative network verification costs. That both solves the economics of the first paragraph above and it also removes the need to limit the block size in any artificial way other than the burn cost. But in my design, I don't waste the burn cost and instead apply it to security in the form of unprofitable mining. Note that the only way to limit cumulative network verification costs is to centralize mining. And this is why I wanted to give up, because I didn't see any solution that didn't centralize mining. But then I realized the design I had for intra-block partitions can centralize while remaining controlled by decentralized PoW, thus effectively still decentralized. And this is why I say you will have to completely rewrite Monero (at least the consensus design portion of the block chain code).

[1]I introduced this concept in 2013 in my thread Spiraling Transaction Fees and I nailed the block size as the fundamental issue in my last post in that 2013 thread.



Bumping up against the hard limit is probably wastefully expensive for this "attack"

What expense?

[...]mining equipment next to a hydropower plant with 2 - 4 cents electricity or for that matter perhaps free subsidized electricity in corrupt environs such as China[...]

You're suggesting mining is (or can be) free? That's absurd. Even if it were free, this attack still costs you the reward.

I am suggesting the State (or those corrupt who control it) can charge the cost of mining to the collective (think the Three Gorges Dam that wreaked environmental devastation downstream, upstream and derivative effects all over China). I have made this point numerous times. And apparently (after everyone said I was crazy), it came true in China and if true was a factor that enabled China to capture an estimated 67% of the mining and 51% attack Bitcoin. Documentation of these statements is in my vaporcoin thread.

If the profit from shorting is greater than the reward, then it doesn't cost you anything. The free mining cost just makes it more likely you can sustain it long enough to reap your reward. How do we know the Chinese won't milk the investors while the block reward is high (mining at near $0 cost charging it the cost to the collective) and then also profit by shorting it all the way down from $1000?

We are a bunch of naive geeks who are being reamed (mined) by savvy traders and strategists. These are no different conceptually than Rothschild's and Rockefeller's methods of yore. The players and technological field change, the game remains the same. (Yeah I am a crazy conspiracy theorist whose analysis is always wrong)

Edit: haven't you been slightly suspicious of why the MSM publicized Bitcoin so much? That doesn't happen without the approval of the global elite.



PoS(hit) can never be secure, because if it has functioning markets (which it must in order to be widely adopted and liquid), then one can borrow stake, attack the coin (which requires much less than 51% to for example delay transactions by some N blocks where N is a function of percentage of coin supply held), and then pay back the borrowed coin with cheaply bought coin as the price collapses due to attacks. You could simultaneously short it (i.e. which you did when you borrowed the coins, but sell some for fiat before you attack) for profits. Alternatively borrow fiat (or other cryptocoin), buy stake and short to profit and pay back loan. Also PoS can't distribute new coins, thus eventually the coin supply shrinks asymptotically to 0.

With PoW, your borrowed mining hashrate would eventually reach end of contract and the coin would repair itself. And you'd need much closer to 51% to do damage. You would hope to be able to purchase the coin at cheap prices, wait for it to rise back up and then sell it for fiat to pay back your loan. Much less plausible.

However if you are up against the corrupt State that charges cost of PoW mining to the collective, then we're screwed with profitable PoW also, except I have the idea to use the unprofitable PoW of every person's computer in the world (with latency preventing them from farming out to ASIC), which seems might be even too much of an expense for China to hide the subsidization of.



First I refer to both of your 2013 posts in which both the case of a fixed blocksize (with fees theoretically going to infinity, in practice they are bound by transferring the value of the coin to the miners) and an infinite blocksize (fees go to zero) both fail. I do not dispute either of those scenarios, in fact I have no problem giving you credit for them since you came up with them before I did.  

You clarified and refined the explanation and conceptualization, or at least brought it to my attention again, which is why I credited (and thanked) you for focusing me on that again in my Decentralization thread.

You propose a tragedy of the commons on the premise that the block reward is dominated by fees. When I first read this response I stopped right at that point since a block reward dominated by fees is actually not possible in a Cryptonote Coin short of actually setting the fees in the consensus code. This I thought would be clear from my previous comments, but it appears this needs some clarification.

The reason the above two scenarios do not apply to a Cryptonote coin with a tail emission such as Monero becomes apparent when one considers the economics of the total block reward components of fees and base reward (new coin emission). If the total in fees per block significantly exceed the base reward then it becomes economically attractive for miners to burn coins to the penalty by mining larger blocks. The block size rises until the total fees per block fall below a level where it is uneconomic for the miners to pay the penalty by increasing the blocksize.

If I understand correctly that by "burn coins to the penalty", you mean that miners will create fake transactions to themselves? Thus the cost of the penalty is being charged to the miner who can't generate fees from himself.

But that is incorrect rationale, because your and my entire point has been that the Tragedy of the Commons is due to market demand for scaling, then the block size is unbounded. Your (and my) entire point was that without any bound, then transaction fees would trend towards 0 and thus an oligarchy MUST form because verification is not only not free, but more saliently verification is less profitable for any miner that has less hashrate than the other miner who has the most hashrate (since all miners have to verify the entire block chain and thus verification costs are the same for all full nodes and have to be amortized over income from blocks).

Thus you've accomplished nothing in terms of the fact that verification will centralize.

I explained in this thread starting from first principles as to why the abstract Byzantine Generals Problem can't be solved decentralized. Period!

Thus that guarantees that it doesn't matter how you try to obfuscate this reality in numerous technobabble. smooth is incorrect to question whether Bitcoin is directly correlated to the BGP. I could explain that too, but I grow weary of foruming.

This level is comparable to the base reward. It is at this point where the need for a tail emission becomes clear, since without the tail emission the total block reward (fee plus base reward) would go to zero.

The base reward not going to zero does nothing to solve the Tragedy of the Commons, as explained innumerable times by me and reexplained again above.

The second claim is that a spam attack by a less than 50% subset of the miners is possible.

No I wrote what a 51% attacker could do to game theory Monero's penalty algorithm and I said otherwise if you make N too small in Monero's penalty algorithm, then a < 50% attacker can win more than N blocks with some probability.

As I explained in the original post this is not possible since one has either to purchase coins on the open market and pay them to other miners to burn them against the penalty or use hashpower to generate the coins and then burn them to the penalty.

Again you are not addressing that the Tragedy of the Commons is due to market demand for scaling, not from the miner creating transactions to himself. Thus the rest of your logic is inapplicable.



..

If I understand correctly that by "burn coins to the penalty", you mean that miners will create fake transactions to themselves? Thus the cost of the penalty is being charged to the miner who can't generate fees from himself.

But that is incorrect rationale, because your and my entire point has been that the Tragedy of the Commons is due to market demand for scaling, then the block size is unbounded. Your (and my) entire point was that without any bound, then transaction fees would trend towards 0 and thus an oligarchy MUST form because verification is not only not free, but more saliently verification is less profitable for any miner that has less hashrate than the other miner who has the most hashrate (since all miners have to verify the entire block chain and thus verification costs are the same for all full nodes and have to be amortized over income from blocks).

Thus you've accomplished nothing in terms of the fact that verification will centralize.

I explained in this thread starting from first principles as to why the abstract Byzantine Generals Problem can't be solved decentralized. Period!

Thus that guarantees that it doesn't matter how you try to obfuscate this reality in numerous technobabble. smooth is incorrect to question whether Bitcoin is directly correlated to the BGP. I could explain that too, but I grow weary of foruming.

...

I will respond to this because it is the crux of the entire argument. In Cryptonote the blocksize is bounded by the total of what market will pay in total fees for a block vs the base reward because a rational miner will not add transactions to a block that causes a net loss of fees received vs penalty paid. Also if demand falls then the blocksize falls with no recovery of the penalty. So total fees per block cannot fall to zero in the presence of a block reward. If the base reward is zero then yes the blocksize is unbounded.

Edit: Total fees per block can fall to zero only if the blocks are very small, below the minimum threshold, currently 20 KB  (60 KB after the fork to 2 min blocks) for Monero

Your error is of course as I already stated, that transactions can grow unbounded due to market demand for more transactions, and since the Monero block size limit is bounded by the market demand as you have admitted, then it is unbounded.

Thus fees (not block reward) will trend towards 0 because no miner can enforce a bound on the block size so the miners will compete with each other to provide the lowest fees since there is no limit on the number of transactions a miner can put in a block (i.e. the payer can send a transaction with lower fees and wait some extra confirmations until the miner with lower fees wins the block).

But as I already stated, this means those miners with more hash rate will have higher income than those miners with less hashrate, yet all miners have the same verification costs. Thus mining will centralize to an oligarchy. Satoshi put a 1MB block size limit to keep verification costs much lower than the block reward, so that Bitcoin would not centralize too quickly.

I rest my case. Monero has not prevented the Tragedy of the Commons. Please don't make me explain it again.



...

Your error is of course as I already stated, that transactions can grow unbounded due to market demand for more transactions, and since the Monero block size limit is bounded by the market demand as you have admitted, then it is unbounded.

Thus fees (not block reward) will trend towards 0 because no miner can enforce a bound on the block size so the miners will compete with each other to provide the lowest fees since there is no limit on the number of transactions a miner can put in a block (i.e. the payer can send a transaction with lower fees and wait some extra confirmations until the miner with lower fees wins the block).

But as I already stated, this means those miners with more hash rate will have higher income than those miners with less hashrate, yet all miners have the same verification costs. Thus mining will centralize to an oligarchy. Satoshi put a 1MB block size limit to keep verification costs much lower than the block reward, so that Bitcoin would not centralize too quickly.

I rest my case. Monero has not prevented the Tragedy of the Commons. Please don't make me explain it again.

Actually the error is on your side since you expect a rational miner to pay a penalty in order to add a transaction to a block with minimal or zero fees which are far less than the penalty. Please do not make me explain the basics of how Cryptonote works again.

I rest my case. Monero has prevented the Tragedy of the Commons.

My logic has nothing to do with the miner paying a penalty.

Per the math I replied to, the Monero penalty is based on exceeding the median of recent N blocks. Since (as you claim, but see Edit below) that median will scale over time to match the market demand for transactions thus no penalty will be incurred for adding all the transactions, then verification costs will eventually cost more than or a significant portion of the tail emission block reward as transaction volume scales. The point is there is no bound on transaction volume.

Thus the logic I stated takes over (where lower hashrate miners are unprofitable and centralization is forced economically):

But as I already stated, this means those miners with more hash rate will have higher income than those miners with less hashrate, yet all miners have the same verification costs. Thus mining will centralize to an oligarchy. Satoshi put a 1MB block size limit to keep verification costs much lower than the block reward, so that Bitcoin would not centralize too quickly.

Please check your logic more thoroughly before responding. Because you are incorrect. So find your error before posting please.

Edit: my point about transaction fees trending towards 0 is correct but not necessary for my argument as explained above. The reason txn fees trend to 0 despite Monero's penalty for creating blocks which exceed the median of recent N blocks is that payers can send the txns with the lowest fee that any miner will accept. Thus Monero's block size will trend to 0 if the penalty feature works as designed.

So either txn fees trend to 0 or block size trends to 0.

Sorry you can not defeat the fundamental fact that decentralization can't have a solution to the Byzantine Generals Problem. That is fundamental and inviolable. Waste years of your life, but you will still never defeat Physics and the fact that the speed-of-light isn't infinite.

Edit#2: you will probably think that payers will increase their txn fees so that their txn gets added to a block because miners aren't motivated to add too many transactions to incur the penalty (for miners that accept lower txn fees than the other miners which drive the median block size). But some of the txns will get added which have this lower txn fee, but payers can only be sure their txn is added timely if they pay the maximum txn fee that any miner requires (or some amount higher than the lowest fee), thus the miner may be able to afford to pay the penalty by including these extra transactions thus driving the median block size upwards over time and thus eventually driving the txn fees to 0 (the point is miners have no incentive to exclude txns with any level of txn fee when it doesn't cost them anything to add a transaction to block thus the trend will be ever lower and lower txn fees ... the entire point of my rebuttal to your math is that your penalty algorithm does not reach equilibrium). Which was my point that the penalty feature of Monero will not work as intended. But if it does work, it will drive the block size to 0. There are many other scenarios but they all have failure modes (analysis by case enumeration is very piss poor methodology to do academic work, rather I have started from first principles to show abstractly that no decentralized solution to the BGP can possibly exist). So choose your poison because there is no way to escape the problem that verification MUST be centralized in order to solve the Byzantine Generals Problem.



Let me take a stab at explaining for laymen, my debate with ArticMine.

Monero has a feature that charges a penalty deducted from the coinbase block reward (e.g. analogous to the 25 BTC per block reward in Bitcoin). The Monero penalty is calculated based on how much larger the block is relative to the median of the preceding N blocks. The intended effect of this feature is that block size will scale to market demand without any Tragedy of the Commons collapse into dysfunctional/degenerate outcomes. Note miners also earn income from transaction fees, so we have to analyze the complex interplay (i.e. game theory and any Nash equilibrium) between Monero's penalty algorithm, block size, block reward, and transaction fees, as well as any costs (see next paragraph).

Bitcoin has “scalepocalypse” Tragedy of the Commons collapse into dysfunctional/degenerate outcomes as transaction volumes scale up, because either:

  • There is a block size limit and thus transaction fees will rise to the level of transaction values as transaction volumes far exceed that limit, in order to prioritize which transactions don't fit in the limited sized blocks.

  • Or block size would be allowed to have no limit, in which case transaction fees will decline to the cost of verification (the cost for the miner with the most hashrate!) since in the absence of a block size limit the miners have no incentive to not include transactions which provide some more income per block (regardless how small that income per transaction is for as long as it exceeds costs). Note the bandwidth/propagation delay cost argument is moot because again the miners with most hashrate have the lowest bandwidth/propagation delay cost and they set the lowest transaction fees since they have the lowest costs[1] (readers thus note these issues are very complex and requires to have many variables in one's head at the same time to give a correct holistic analysis). The unbounded block size case leads to an oligarchy of the monopoly on hashrate so those in the mining cartel can have pricing power and also because (as I explained in the prior sentences) those who have more hashrate also have lower costs, thus they over time aggregate more hash rate than other miners (because they are more profitable).

The simplest rebuttal to ArticMine is that if the penalty feature of Monero works as intended so as to allow the block size to expand to the market demand for transaction volume, then the “scalepocalypse” Tragedy of the Commons collapse economics that I explained in the prior paragraph for the case of unbounded block size also applies to Monero. Monero's penalty feature only prevents a miner from bloating the blocks with fake transactions paying to themself (because the miner would have to pay the penalty for exceeding the median block size, but is receiving no transaction fees to pay for the cost of the penalty from fake transactions); and Monero's penalty feature is intended to scale block size to actual market demand.

Thus I have explained there is no Nash equilibrium in Monero's penalty feature (unlike for Satoshi's longest chain rule where there is indeed a Nash equilibrium because if miners don't converge on the longest chain then all their chains are invalid/orphans and worthless without consensus). ArticMine is probably thinking that since miners have different costs, the equilibrium point for transaction fees will be the weighted average but I have explained the holistic economics by which this weighted average is driven by the costs of the largest hashrate miners until they control all the hashrate[1].

If one instead assumed that ALL (or nearly all) payers will choose to wait for the lowest cost miner to win a block (and include their transactions, i.e. queueing up in a line that grows longer and longer) and thus set their transaction fees accordingly, then Monero's penalty feature would force the block size to trend to 0. I of course don't think payers will do this, thus I stated that either the block size trends to 0, or the block size scales to market demand. But per the prior paragraph, when the block size scales to market demand, then the transaction fees decline to the lowest cost miners over time (which is essentially trending to ~0), and thus the largest hash rate miners will be incentivized to form an alliance so they can have some pricing power over transaction fees.

Monero has solved nothing and has the same insoluble “scalepocalypse” Tragedy of the Commons collapse economics as Bitcoin.

Btw, I know how to solve this problem and the solution will be in my coin. Iota appears to have solved this problem as well, but my analysis concludes Iota will fail to converge without centralization of the system as well. The only distinction of what I am proposing to do in my coin is that the verification cost centralization is under the control of decentralized payers. Iota can't do this because if the payers don't stay with the same centralization, the convergence is lost. Whereas, in my coin design the payers can move their PoW shares at any time, because my design has a longest chain rule.


[1]This is mathematically unarguable for payers willing to wait for their transaction to be confirmed until the largest hashrate miner wins a block. It is also true in that the transaction fees are set by a weighted average of frequency of block wins by miners according to hashrate. And since I explained that miners with more hashrate aggregate more hashrate over time due to having lower costs, then the long game centralization/domination of transaction fee weighted average trend is unarguable as well.



This response starts with the correct assumption that decentralization alone can't have a solution to the Byzantine Generals Problem (the failure of proof of stake), and then proceeds to make little sense on the unrelated problem of scaling the blocksize in POW coins. The latter problem Monero solves. Keep in mind that an equilibrium between fees per block, base reward and blocksize without a collapse to zero or "infinite" fees, the problem Monero solves, does not by itself speak to the miner centralization issue.

Whether proof of work introduces enough external entropy into the system to solve Byzantine Generals Problem is far from clear because there are a host of centralizing and de-centralizing factors interacting with each other the majority of which have not been taken into consideration in the previous discussion.

The underlined portion was refuted above.

Now I will address your abstract theoretical errors in the non-underlined portions quoted above...

The Nash equilibrium failures of PoS are caused by the fact that the centralization is in the stake. What I showed abstractly in this thread is that every BGP solution will have some element of centralization, because BGP can't be solved without a reference point because otherwise there is no objective reality.

The longest chain rule employing external entropy from PoW provides no reference point other than the longest chain. As I explained to smooth and monsterer, so any attributes that can't be detected from the LCR, e.g. whether the coin is under 51% attack doing double-spends or censoring transactions, thus can't be objectively known/proved so that all observers agree (i.e. these attributes are undecidable).

Thus Satoshi's LCR employing PoW does not solve BGP and can't solve it without some centralization. Period!

The key insight is to control how and where the centralization will be in the system. The error Bitcoin and Monero have made is the centralization is out-of-control of the payers. I have fixed that.

Thus the abstract BGP analysis does apply to the conclusion that Monero (and Ethereum) have deluded themselves into thinking they can avoid centralization and instead gets centralization in a way they did not want.

Sorry you were wrong on every single point you wrote.


Edit: PoW LCR is necessary to enforce the following conditions assumed by BGP that don't exist in a decentralized network otherwise (but again there is no objectivity other than the Nash equilibrium of the longest chain):

Afaics the paper has an important omission which is that when the disloyal generals (traitors) are not colluding (i.e. can't trust each other) then they have no reliable means to disrupt the loyal consensus. So my analysis will focus on the case where the disloyal generals are colluding.

[...]

(note also that the definition of oral messages assumes conditions A1, A2, and A3 which can't exist in a decentralized network where Sybil attacks are possible)

PS: By the way, classical BGP mentions somewhere that traitors collude AFAIK.
3402  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 18, 2016, 08:52:47 PM
ArticMine PMed me after I wrote that flaming post, and said he would reply after studying my posts. He has not yet replied. Does that mean I am correct and there is no solution for Monero. I think so.

It is fundamental. Afaics, you'd have to completely rewrite Moaneuro. Tongue

Rewrite Monero, is not necessary at all but some documentation on how the Cryptonote adaptive blocksize limits actually work is needed, especially given the formula in section 6.2.3 of the Cryptonote Whitepaper is wrong. https://cryptonote.org/whitepaper.pdf. My response will come in time.

I will start by examining the Cryptonote Penalty Function for oversize blocks. This is critical to understand any form of spam attack against a Cryptonote coin. From the Cryptonote whitepaper I cited above the penalty function is:

Penalty = BaseReward * (BlkSize / M_N - 1)^2

The new reward is:

NewReward = BaseReward - Penalty

Where M_N is the median of the blocksize over the last N blocks
BlkSize is the size of the current block
BaseReward is the reward as per the emission curve or where applicable the tail emission
NewReward is the actual reward paid to the miner
The Maximum allowed blocksize, BlkSize, is 2 * M_N
The penalty is only applied when BlkSize > (1 + B_min) * M_N, where 0 < B_min < 1. In the Cryptonote whitepaper B_min = 0.1.

The error in the Cryptonote Whitepaper was to set NewReward = Penalty

For simplicity I will define:
BlkSize = (1 + B) * M_N
BaseReward = R_base
Penalty (for a given B) = P_B
NewReward (for a given B) = R_B

The penalty for a given B becomes:
P_B = R_base * B^2
While the new reward for a given B becomes:
R_B = R_base * (1 - B^2)
The first derivative of P_B with respect to B is
dP_B / dB = 2 * R_base * B

In order to attack the coin by bloating the blocksize the attacker needs to cause at least over 50% of the miners to mine oversize blocks and for an expedient attack close to 100% of the miners to mine oversize blocks. This attack must be maintained over a sustained period of time and more importantly must be maintained in order to keep the oversized blocks, since once the attack stops the blocks will fall back to their normal size. There are essentially two options here:

1) A 51% attack. I am not going to pursue this for obvious reasons.

2) Induce the existing miners to mine oversize blocks. This is actually the more interesting case; however after cost analysis it becomes effectively a rental version of 1 above. Since the rate of change (first derivative) of P_B is proportional to B the most effective option for the attacker is to run the attack with B = 1. The cost of the attack has as a lower bound R_base but would be higher, and proportional to, R_base because miners will demand a substantial premium over the base reward to mine the spam blocks due to the increased risk of orphan blocks as the blocksize increases and competition from legitimate users whose cost per KB for transaction fees needed to compete with the attacker will fall as the blocksize increases. The impact on the coin is to stop new coins from being created while the attack is going on. These coins are replaced by the attacker having to buy coins on the open market in order to continue the attack. The impact of this is to further increase the costs to the attacker.

It is at this point where we see the critical importance of a tail emission since if R_base = 0 this attack has zero cost and the tragedy of the commons actually occurs. This is the critical difference between those Cryptonote coins that have a tail emission, and have solved the problem, such as Monero and those that do not, and will in a matter of time become vulnerable, such as Bytecoin.

Afaics, the above does nothing to remove/ameliorate the Tragedy of the Commons in Satoshi's mining algorithm[1], except if viewed as a short-term solution while no miners have a significant percentage of the network hash rate.

The problem is that as I explained for Ethereum, as transaction rate scales up and thus the block reward is dominated by fees, then unless there is a uniform distribution of hashrate amongst all full node miners (which is of course impossible since not everyone can locate their mining equipment next to a hydropower plant with 2 - 4 cents electricity or for that matter perhaps free subsidized electricity in corrupt environs such as China), then those miners with more hashrate will have lower costs of verification. Thus they will be more profitable and can buy more hashrate faster than the other miners. Thus mining will entirely centralize over time, because the economics are designed to centralize mining. So since mining will centralize, then attaining 51% of the mining power will be guaranteed and thus the above algorithm can do nothing to stop miners from spamming the block chain size by paying transaction fees to themselves. But of course with 51% of the hashrate, they can do anything they want, except up to the limits of what public perception will tolerate. I am assuming of course that transaction fees in a free market will reflect actual (marginal) costs and that verification cost will be significant relative to other costs such as bandwidth.

There is also afaics a math flaw in ArticMine's analysis. Unless N is very small, then a miner with a significant but less than 51% hashrate is going to win a block in most every N set, and thus they can hit the 2 * M_N hard limit every time (or whatever rate of increase they deem most cost effective according to the Penalty cost being a function of a square), gradually ramping the median block size up over time. Thus the spam attack is not avoided, rather it just takes longer. And again I had pointed out that by shorting the coin, they can potentially recover their lost block rewards and profit. And if N is very small, then the likelihood that a miner can win all N blocks with less than 51% hashrate increases. Also it is not clear to me from ArticMine's specification if N is overlapping meaning a FIFO queue? But I doubt that makes any difference to my conceptual math point (note I have not written down the equations to precisely quantify this alleged flaw).

Also the 2 * M_N hard limit means that block chain can't handle transient spikes in transaction load, e.g. such as would be required by Lightning Networks (which has sort of a garbage collection overhead which manifests as large spikes in transaction load).

Conceptually at the highest-level semantic model of the generalized essence, an anti-aliasing filter on transaction rate can't ameliorate the fact that a spam transaction is indistinguishable from a non-spam transaction.

To solve this problem we need to make the cost of what is burned when submitting a transaction greater than the cost of cumulative network verification costs. That both solves the economics of the first paragraph above and it also removes the need to limit the block size in any artificial way other than the burn cost. But in my design, I don't waste the burn cost and instead apply it to security in the form of unprofitable mining. Note that the only way to limit cumulative network verification costs is to centralize mining. And this is why I wanted to give up, because I didn't see any solution that didn't centralize mining. But then I realized the design I had for intra-block partitions can centralize while remaining controlled by decentralized PoW, thus effectively still decentralized. And this is why I say you will have to completely rewrite Monero (at least the consensus design portion of the block chain code).

[1]I introduced this concept in 2013 in my thread Spiraling Transaction Fees and I nailed the block size as the fundamental issue in my last post in that 2013 thread.



Bumping up against the hard limit is probably wastefully expensive for this "attack"

What expense?

[...]mining equipment next to a hydropower plant with 2 - 4 cents electricity or for that matter perhaps free subsidized electricity in corrupt environs such as China[...]

You're suggesting mining is (or can be) free? That's absurd. Even if it were free, this attack still costs you the reward.

I am suggesting the State (or those corrupt who control it) can charge the cost of mining to the collective (think the Three Gorges Dam that wreaked environmental devastation downstream, upstream and derivative effects all over China). I have made this point numerous times. And apparently (after everyone said I was crazy), it came true in China and if true was a factor that enabled China to capture an estimated 67% of the mining and 51% attack Bitcoin. Documentation of these statements is in my vaporcoin thread.

If the profit from shorting is greater than the reward, then it doesn't cost you anything. The free mining cost just makes it more likely you can sustain it long enough to reap your reward. How do we know the Chinese won't milk the investors while the block reward is high (mining at near $0 cost charging it the cost to the collective) and then also profit by shorting it all the way down from $1000?

We are a bunch of naive geeks who are being reamed (mined) by savvy traders and strategists. These are no different conceptually than Rothschild's and Rockefeller's methods of yore. The players and technological field change, the game remains the same. (Yeah I am a crazy conspiracy theorist whose analysis is always wrong)

Edit: haven't you been slightly suspicious of why the MSM publicized Bitcoin so much? That doesn't happen without the approval of the global elite.



PoS(hit) can never be secure, because if it has a functioning markets (which it must in order to be widely adopted and liquid), then one can borrow stake, attack the coin (which requires much less than 51% to for example delay transactions by some N blocks where N is a function of percentage of coin supply held), and then pay back the borrowed coin with cheaply bought coin as the price collapses due to attacks. You could simultaneously short it (i.e. which you did when you borrowed the coins, but sell some for fiat before you attack) for profits. Alternatively borrow fiat (or other cryptocoin), buy stake and short to profit and pay back loan. Also PoS can't distribute new coins, thus eventually the coin supply shrinks asymptotically to 0.

With PoW, your borrowed mining hashrate would eventually reach end of contract and the coin would repair itself. And you'd need much closer to 51% to do damage. You would hope to be able to purchase the coin at cheap prices, wait for it to rise back up and then sell it for fiat to pay back your loan. Much less plausible.

However if you are up against the corrupt State that charges cost of PoW mining to the collective, then we're screwed with profitable PoW also, except I have the idea to use the unprofitable PoW of every person's computer in the world (with latency preventing them from farming out to ASIC), which seems might be even too much of an expense for China to hide the subsidization of.
3403  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: January 18, 2016, 08:40:16 PM
Bumping up against the hard limit is probably wastefully expensive for this "attack"

What expense?

[...]mining equipment next to a hydropower plant with 2 - 4 cents electricity or for that matter perhaps free subsidized electricity in corrupt environs such as China[...]
3404  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 18, 2016, 08:28:31 PM
Again smooth is forced to discipline the Monero Speculation thread:

Five off-topic posts were deleted. Please try to keep the thread on topic. This includes repetitive points that have already been made recently. Those are on warning that they will be deleted. If you post A, someone else disagrees with A, do not post about A again. Both sides have been presented and the reader will have to decide.


By the amount of posts you have that isn't a good sign for your cointoendallcoinsCOIN.

yeah, I'm off topic.

I already agree. And yes we are cluttering the thread now. Any more posts (that are addressing my posts) should ideally be on the facts or arguments about utility of Monero's anonymity and/or the Tragedy of the Commons around economics of mining and block size.

Or just move on to other discussion and I will stop responding.

Can you stop spamming this thread?  No one wants to read your nonsense, please stick to your own threads and if anyone is interested in discussing your musings they will surely join you there.

Smooth please delete this. I just couldn't resist ROTFLMAO:

Sorry I can't resist about the "desperate" allegation, I just was informed of a 58 year old filipino man who sexed his 78 year old mother who due to her Alzheimers thought she was sexing her deceased husband.

Can you stop spamming this thread?  No one wants to read your nonsense, please stick to your own threads and if anyone is interested in discussing your musings they will surely join you there.

Have you ever heard of the concept of self-deprecating humor?

It is known to be a way to be an outlet for stress and for (mice and) men to realize they aren't as self-important as they think they need to be.

Will you ever mature and learn to be a sociable human being?

(smooth is in a difficult political position because of assholes like you but I warned him not to involve in coins that are marketed directly to speculators)

614 pages in this thread and which major facts were elucidated? The thread is mostly noise any way.

Marketing an unfinished product for an unknown brand is suicide on a worldwide stage.

Somebody forgot to tell that to Satoshi.

(you are incorrect)
Satoshi never really tried to "market" bitcoin and at the time of his departure bitcoin was almost an unknown worldwide.

Irrelevant to my point. This is an example of a noise rebuttal.



Marketing an unfinished product for an unknown brand is suicide on a worldwide stage.

Somebody forgot to tell that to Satoshi.

(you are incorrect)
Satoshi never really tried to "market" bitcoin and at the time of his departure bitcoin was almost an unknown worldwide.

Irrelevant to my point. This is an example of a noise rebuttal.

Unfortunately you deleted a post where I added the information that I was already aware of his thought process and making it known that it is an irrelevant thought process. The point is that Bitcoin is still in beta and yet went from 10,000 BTC per pizza to $1000 per BTC due to marketing (who cares that Satoshi wasn't the one who did the marketing). And besides no one can know what Satoshi contemplated on the marketing or to what degree he has been involved behind the scenes.

Edit: Satoshi was marketing in the white paper. He pitched it as a better gold, obviously knowing what this would do to the overlap between Libertarian goldbugs and technophiles.
3405  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: January 18, 2016, 07:56:15 PM
ArticMine PMed me after I wrote that flaming post, and said he would reply after studying my posts. He has not yet replied. Does that mean I am correct and there is no solution for Monero. I think so.

It is fundamental. Afaics, you'd have to completely rewrite Moaneuro. Tongue

Rewrite Monero, is not necessary at all but some documentation on how the Cryptonote adaptive blocksize limits actually work is needed, especially given the formula in section 6.2.3 of the Cryptonote Whitepaper is wrong. https://cryptonote.org/whitepaper.pdf. My response will come in time.

I will start by examining the Cryptonote Penalty Function for oversize blocks. This is critical to understand any form of spam attack against a Cryptonote coin. From the Cryptonote whitepaper I cited above the penalty function is:

Penalty = BaseReward * (BlkSize / M_N - 1)^2

The new reward is:

NewReward = BaseReward - Penalty

Where M_N is the median of the blocksize over the last N blocks
BlkSize is the size of the current block
BaseReward is the reward as per the emission curve or where applicable the tail emission
NewReward is the actual reward paid to the miner
The Maximum allowed blocksize, BlkSize, is 2 * M_N
The penalty is only applied when BlkSize > (1 + B_min) * M_N, where 0 < B_min < 1. In the Cryptonote whitepaper B_min = 0.1.

The error in the Cryptonote Whitepaper was to set NewReward = Penalty

For simplicity I will define:
BlkSize = (1 + B) * M_N
BaseReward = R_base
Penalty (for a given B) = P_B
NewReward (for a given B) = R_B

The penalty for a given B becomes:
P_B = R_base * B^2
While the new reward for a given B becomes:
R_B = R_base * (1 - B^2)
The first derivative of P_B with respect to B is
dP_B / dB = 2 * R_base * B

In order to attack the coin by bloating the blocksize the attacker needs to cause at least over 50% of the miners to mine oversize blocks and for an expedient attack close to 100% of the miners to mine oversize blocks. This attack must be maintained over a sustained period of time and more importantly must be maintained in order to keep the oversized blocks, since once the attack stops the blocks will fall back to their normal size. There are essentially two options here:

1) A 51% attack. I am not going to pursue this for obvious reasons.

2) Induce the existing miners to mine oversize blocks. This is actually the more interesting case; however after cost analysis it becomes effectively a rental version of 1 above. Since the rate of change (first derivative) of P_B is proportional to B the most effective option for the attacker is to run the attack with B = 1. The cost of the attack has as a lower bound R_base but would be higher, and proportional to, R_base because miners will demand a substantial premium over the base reward to mine the spam blocks due to the increased risk of orphan blocks as the blocksize increases and competition from legitimate users whose cost per KB for transaction fees needed to compete with the attacker will fall as the blocksize increases. The impact on the coin is to stop new coins from being created while the attack is going on. These coins are replaced by the attacker having to buy coins on the open market in order to continue the attack. The impact of this is to further increase the costs to the attacker.

It is at this point where we see the critical importance of a tail emission since if R_base = 0 this attack has zero cost and the tragedy of the commons actually occurs. This is the critical difference between those Cryptonote coins that have a tail emission, and have solved the problem, such as Monero and those that do not, and will in a matter of time become vulnerable, such as Bytecoin.

Afaics, the above does nothing to remove/ameliorate the Tragedy of the Commons in Satoshi's mining algorithm[1], except if viewed as a short-term solution while no miners have a significant percentage of the network hash rate.

The problem is that as I explained for Ethereum, as transaction rate scales up and thus the block reward is dominated by fees, then unless there is a uniform distribution of hashrate amongst all full node miners (which is of course impossible since not everyone can locate their mining equipment next to a hydropower plant with 2 - 4 cents electricity or for that matter perhaps free subsidized electricity in corrupt environs such as China), then those miners with more hashrate will have lower costs of verification. Thus they will be more profitable and can buy more hashrate faster than the other miners. Thus mining will entirely centralize over time, because the economics are designed to centralize mining. So since mining will centralize, then attaining 51% of the mining power will be guaranteed and thus the above algorithm can do nothing to stop miners from spamming the block chain size by paying transaction fees to themselves. But of course with 51% of the hashrate, they can do anything they want, except up to the limits of what public perception will tolerate. I am assuming of course that transaction fees in a free market will reflect actual (marginal) costs and that verification cost will be significant relative to other costs such as bandwidth.

There is also afaics a math flaw in ArticMine's analysis. Unless N is very small, then a miner with a significant but less than 51% hashrate is going to win a block in most every N set, and thus they can hit the 2 * M_N hard limit every time (or whatever rate of increase they deem most cost effective according to the Penalty cost being a function of a square), gradually ramping the median block size up over time. Thus the spam attack is not avoided, rather it just takes longer. And again I had pointed out that by shorting the coin, they can potentially recover their lost block rewards and profit. And if N is very small, then the likelihood that a miner can win all N blocks with less than 51% hashrate increases. Also it is not clear to me from ArticMine's specification if N is overlapping meaning a FIFO queue? But I doubt that makes any difference to my conceptual math point (note I have not written down the equations to precisely quantify this alleged flaw).

Also the 2 * M_N hard limit means that block chain can't handle transient spikes in transaction load, e.g. such as would be required by Lightning Networks (which has sort of a garbage collection overhead which manifests as large spikes in transaction load).

Conceptually at the highest-level semantic model of the generalized essence, an anti-aliasing filter on transaction rate can't ameliorate the fact that a spam transaction is indistinguishable from a non-spam transaction.

To solve this problem we need to make the cost of what is burned when submitting a transaction greater than the cost of cumulative network verification costs. That both solves the economics of the first paragraph above and it also removes the need to limit the block size in any artificial way other than the burn cost. But in my design, I don't waste the burn cost and instead apply it to security in the form of unprofitable mining. Note that the only way to limit cumulative network verification costs is to centralize mining. And this is why I wanted to give up, because I didn't see any solution that didn't centralize mining. But then I realized the design I had for intra-block partitions can centralize while remaining controlled by decentralized PoW, thus effectively still decentralized. And this is why I say you will have to completely rewrite Monero (at least the consensus design portion of the block chain code).

[1]I introduced this concept in 2013 in my thread Spiraling Transaction Fees and I nailed the block size as the fundamental issue in my last post in that 2013 thread.
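
A small model of the penalty function and median window argued over in the post above and in its earlier copy, added here as an example; it is not code from either poster or from any Cryptonote coin. N = 100, a constant honest block size, evenly spread attacker wins and the function names are all assumptions made for the model.

```python
from collections import deque
from statistics import median

B_MIN = 0.1  # from the post: no penalty up to (1 + B_min) * M_N


def penalty(base_reward, blk_size, median_size, b_min=B_MIN):
    """Penalty = BaseReward * (BlkSize / M_N - 1)^2, as quoted in the post."""
    if blk_size > 2 * median_size:
        raise ValueError("block exceeds the 2 * M_N hard limit")
    if blk_size <= (1 + b_min) * median_size:
        return 0.0  # inside the penalty-free zone
    b = blk_size / median_size - 1
    return base_reward * b * b


def new_reward(base_reward, blk_size, median_size):
    """NewReward = BaseReward - Penalty."""
    return base_reward - penalty(base_reward, blk_size, median_size)


def simulate(attacker_pct, b=1.0, n=100, blocks=1000,
             honest_size=1.0, base_reward=1.0):
    """Model a miner that wins attacker_pct% of blocks and always mines
    blocks of size (1 + b) * M_N, where M_N is the median of the last n blocks.

    Assumptions (constructed for this model, not taken from the post):
    n = 100, every other miner keeps producing honest_size blocks, and the
    attacker's wins are spread evenly rather than drawn at random.
    Returns (final median M_N, total reward the attacker gave up).
    """
    window = deque([honest_size] * n, maxlen=n)  # sliding (FIFO) window
    forfeited = 0.0
    for i in range(blocks):
        m = median(window)
        if (i * attacker_pct) % 100 < attacker_pct:  # attacker wins block i
            size = (1 + b) * m
            forfeited += penalty(base_reward, size, m)
        else:
            size = honest_size
        window.append(size)
    return median(window), forfeited


if __name__ == "__main__":
    for pct in (30, 45, 60):
        final_median, cost = simulate(pct)
        print(f"{pct}% of blocks: final M_N = {final_median:g}, "
              f"reward forfeited = {cost:g} x BaseReward")
    # With no base reward (no tail emission) the penalty is zero:
    print("penalty with BaseReward = 0:", penalty(0.0, 2.0, 1.0))
```

Under these assumptions the 30% miner gives up every reward it wins and M_N stays at the honest size; the median only starts to climb once oversize blocks fill at least half of the window.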
3406  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: January 18, 2016, 07:08:59 PM
Marketing an unfinished product for an unknown brand is suicide on a worldwide stage.

Somebody forgot to tell that to Satoshi.

(you are incorrect)
3407  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 18, 2016, 07:01:30 PM
Smooth please delete this. I just couldn't resist ROTFLMAO:

Sorry I can't resist about the "desperate" allegation, I just was informed of a 58 year old filipino man who sexed his 78 year old mother who due to her Alzheimers thought she was sexing her deceased husband.

Can you stop spamming this thread?  No one wants to read your nonsense, please stick to your own threads and if anyone is interested in discussing your musings they will surely join you there.

Have you ever heard of the concept of self-deprecating humor?

It is known to be a way to be an outlet for stress and for (mice and) men to realize they aren't as self-important as they think they need to be.

Will you ever mature and learn to be a sociable human being?

(smooth is in a difficult political position because of assholes like you but I warned him not to involve in coins that are marketed directly to speculators)

614 pages in this thread and which major facts were elucidated? The thread is mostly noise any way.
3408  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 18, 2016, 06:47:02 PM
And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to be less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system).

Is this advantage of Ed25519 over Secp256k1 negated assuming perfect compliance in avoiding BTC address reuse (since if a faulty RNG was used the balance of the at risk address would already be 0 after every transaction)?

That perfect compliance is impossible isn't it, because how do you delete your public key from forums and other places it has been copied out-of-your-control. Don't tell me that the Bitcoin Wiki and the core devs never acknowledged this  Roll Eyes

There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures (although I could use Merkle trees for multiple signatures at the cost of a just marginally longer signature) for the 20 times faster verification speed (at the cost of an exponential blowup in bandwidth at higher bit security), but this way is not encoded in Bitcoin so can't be used there.

See the following I wrote comparing Ed25519 and hash-based signatures (some info on the performance of Ed25519 also):

https://github.com/shelby3/hashsig/blob/master/DDoS%20Defense%20Employing%20Public%20Key%20Cryptography.md#public-key-authentication

P.S. if you see any improvement in my work, it will be because of improving health. I have some signs that my high dose herbal treatments (curcumin, moringa, bitter melon, mangosteen) might be working. I believe possibly (unfortunately self-diagnosis no blood work nor doctor visit since the 2012 doctor screwed me up) my health issue is a messed up pancreas or gall bladder possibly partially blocking my bile duct which would explain why I got so ill every time after I eat.

You all have no idea what it is like to have this sort of illness. Even bending down to scratch your foot becomes a chore. Lifting your fingers to type on the keyboard takes a few deep breaths to gain the energy. Thinking about code becomes a chore and not a pleasant challenge. You really don't understand until you walk in another person's shoes. Any person who knows what they were capable of throughout their life and are unable to do because of some painful and chronic disability, is going to exhibit psychological stress and will attempt to cope either by going into depression or fighting back, both being a form of abnormality and dysfunction. I hope that is enough said.


There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures

Forcing perfect compliance through cryptography sounds great. Unfortunately I cannot pretend to understand the math and cryptography behind everything you say except on a conceptual basis.

It doesn't gain anything from an anonymity perspective (and is arguably retrogressive), if that is what you were thinking. We pay to a name instead of an address. The address can change and the name remains the same. For security it helps, and my greater motivation is eliminating lost payments (payments to addresses for which no one knows the private key) and overhead for microtransactions (and potentially IoT).

Edit: it is a usability feature for targeting the masses, and I think ShadowCoin has a similar feature but maybe not for the same motivations.
3409  Alternate cryptocurrencies / Altcoin Discussion / Re: CryptoNote technical discussion and Boolberry vs Monero Chess Challenge on: January 18, 2016, 06:33:05 PM
And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to be less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system).

Is this advantage of Ed25519 over Secp256k1 negated assuming perfect compliance in avoiding BTC address reuse (since if a faulty RNG was used the balance of the at risk address would already be 0 after every transaction)?

That perfect compliance is impossible isn't it, because how do you delete your public key from forums and other places it has been copied out-of-your-control. Don't tell me that the Bitcoin Wiki and the core devs never acknowledged this  Roll Eyes

There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures (although I could use Merkle trees for multiple signatures at the cost of a just marginally longer signature) for the 20 times faster verification speed (at the cost of an exponential blowup in bandwidth at higher bit security), but this way is not encoded in Bitcoin so can't be used there.

See the following I wrote comparing Ed25519 and hash-based signatures (some info on the performance of Ed25519 also):

https://github.com/shelby3/hashsig/blob/master/DDoS%20Defense%20Employing%20Public%20Key%20Cryptography.md#public-key-authentication

P.S. if you see any improvement in my work, it will be because of improving health. I have some signs that my high dose herbal treatments (curcumin, moringa, bitter melon, mangosteen) might be working. I believe possibly (unfortunately self-diagnosis no blood work nor doctor visit since the 2012 doctor screwed me up) my health issue is a messed up pancreas or gall bladder possibly partially blocking my bile duct which would explain why I got so ill every time after I eat.

You all have no idea what it is like to have this sort of illness. Even bending down to scratch your foot becomes a chore. Lifting your fingers to type on the keyboard takes a few deep breaths to gain the energy. Thinking about code becomes a chore and not a pleasant challenge. You really don't understand until you walk in another person's shoes. Any person who knows what they were capable of throughout their life and are unable to do because of some painful and chronic disability, is going to exhibit psychological stress and will attempt to cope either by going into depression or fighting back, both being a form of abnormality and dysfunction. I hope that is enough said.
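
A minimal Lamport one-time signature over SHA-256, added here to illustrate the one-time scheme named in the post above and in its earlier copy; it is not the poster's design or code. The class and function names are hypothetical, and the key refuses a second signature because each signature discloses half of the secret preimages.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest


def message_bits(message: bytes):
    """Return the 256 bits of SHA-256(message), most significant bit first."""
    digest = hashlib.sha256(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


class LamportKey:
    """One-time key pair: 2 x 256 random secrets, public key = their hashes."""

    def __init__(self):
        self._secret = [[secrets.token_bytes(32) for _ in range(BITS)]
                        for _ in range(2)]
        self.public = [[hashlib.sha256(s).digest() for s in row]
                       for row in self._secret]
        self._used = False

    def sign(self, message: bytes):
        # Signing reveals, for every digest bit, the secret matching that bit.
        # A second signature would reveal more secrets, so it is refused.
        if self._used:
            raise RuntimeError("one-time key already used")
        self._used = True
        signature = [self._secret[bit][i]
                     for i, bit in enumerate(message_bits(message))]
        self._secret = None  # drop the unrevealed half as well
        return signature


def verify(public, message: bytes, signature) -> bool:
    """Check that each revealed secret hashes to the public value for its bit."""
    if len(signature) != BITS:
        return False
    return all(hashlib.sha256(s).digest() == public[bit][i]
               for i, (bit, s) in enumerate(zip(message_bits(message), signature)))


def signature_size(signature) -> int:
    """Total signature size in bytes (256 secrets of 32 bytes each)."""
    return sum(len(s) for s in signature)


if __name__ == "__main__":
    key = LamportKey()
    msg = b"constructed sample message"
    sig = key.sign(msg)
    print("valid:", verify(key.public, msg, sig))
    print("tampered:", verify(key.public, msg + b"!", sig))
    print("signature bytes:", signature_size(sig))
```

Verification here is 256 hash evaluations and no elliptic-curve arithmetic, and the signature is 8192 bytes, which is the size trade-off that comes with hash-based schemes.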
3410  Economy / Economics / Re: Martin Armstrong Discussion on: January 18, 2016, 06:03:05 PM
I do think there may be some intermediate solutions on a programmable blockchain with projects like Augur (Intrade on the blockchain), decentralized exchange

See my critique which says those technologies can't work:

https://bitcointalk.org/index.php?topic=1319681.msg13576188#msg13576188
https://bitcointalk.org/index.php?topic=1319681.msg13580146#msg13580146
https://bitcointalk.org/index.php?topic=1319681.msg13569559#msg13569559

...at some point force free capital somewhere.  

Cryptocurrency is my hedge/bet on this.  Of the solutions that exist - what do you recommend?  Nothing?

Here is what I am doing... (albeit I have only about $20,000 at the moment and it isn't even my money...I have roughly $0 networth...yikes  Shocked)

US Dollar until gold makes its low March 2016 (or thereabouts and < $1000 perhaps < $850), then buy physical gold coins (not bullion!) or an ETF proxy short-term while retaining some US dollars (until as late as early 2017 before capital controls will be pervasive) and wait for the cryptocurrency arena to become more clear. There appears to be great risk of a major implosion of crypto land.

Trade gold or dollars for crypto as the situation becomes more clear.

Of course no problem with speculation with 1% of net worth (maybe 5% total max for speculative longshots) in promising technological ventures, but don't go all-in on anything which doesn't have the momentum and clarity that Bitcoin had in late 2012 and early 2013. And don't ever buy so much of a speculative longshot, that you lose your objectivity such as what IMO has happened to some of the hardcore Monero/Aeon investors (which would force one to go around thumping their chest instead of listening and continually readjusting based on available data).

Note I probably won't buy gold because I don't have enough capital to make it worthwhile, can't obtain the coins in the Philippines, and I don't want to re-enter a brokerage again to buy an ETF. So it will be all US dollars for me.
3411  Alternate cryptocurrencies / Altcoin Discussion / Re: State of Alt. Coins - Post Mike Hearn Announcement? on: January 18, 2016, 05:47:02 PM
I do think there may be some intermediate solutions on a programmable blockchain with projects like Augur (Intrade on the blockchain), decentralized exchange

See my critique which says those technologies can't work:

https://bitcointalk.org/index.php?topic=1319681.msg13576188#msg13576188
https://bitcointalk.org/index.php?topic=1319681.msg13580146#msg13580146
https://bitcointalk.org/index.php?topic=1319681.msg13569559#msg13569559

...at some point force free capital somewhere.  

Cryptocurrency is my hedge/bet on this.  Of the solutions that exist - what do you recommend?  Nothing?

Here is what I am doing... (albeit I have only about $20,000 at the moment and it isn't even my money...I have roughly $0 net worth...yikes)

US Dollar until gold makes its low March 2016 (or thereabouts and < $1000 perhaps < $850), then buy physical gold coins (not bullion!) or an ETF proxy short-term while retaining some US dollars (until as late as early 2017 before capital controls will be pervasive) and wait for the cryptocurrency arena to become more clear. There appears to be great risk of a major implosion of crypto land.

Trade gold or dollars for crypto as the situation becomes more clear.

Of course no problem with speculation with 1% of net worth (maybe 5% total max for speculative longshots) in promising technological ventures, but don't go all-in on anything which doesn't have the momentum and clarity that Bitcoin had in late 2012 and early 2013. And don't ever buy so much of a speculative longshot, that you lose your objectivity such as what IMO has happened to some of the hardcore Monero/Aeon investors (which would force one to go around thumping their chest instead of listening and continually readjusting based on available data).

Note I probably won't buy gold because I don't have enough capital to make it worthwhile, can't obtain the coins in the Philippines, and I don't want to re-enter a brokerage again to buy an ETF. So it will be all US dollars for me.
3412  Alternate cryptocurrencies / Altcoin Discussion / Re: State of Alt. Coins - Post Mike Hearn Announcement? on: January 18, 2016, 05:29:11 PM
double bottom below $1000 in March
Then one more time in 2017...

...I believe Armstrong's timing for a gold low is roughly March, if that has not changed since his earlier gold reports. We will have to see if Bitcoin follows gold down in a liquidity crisis event or not. Right now everything sure seems to be quiet in the global markets, but maybe the quiet precedes the storm.

So yes Armstrong could end up being wrong about gold and I could even be further wrong about Bitcoin following gold down. So shorting is risky...

EDIT:


...And gold is going to < $700 by end of Q1 2016...


You mention "...a gold low.." So, in your judgement, and while acknowledging the uncertainty, do you imagine a single low / bottom by end of Q1 2016, or double low / bottom by end of 2017?

My writing is very sloppy and missing words (that I hear in my head but forget to type), because I am far too overloaded due to the rate of posting and number of waking versus sleeping hours, in addition to all the other work and tasks I am attempting to do. You all simply can't expect one man to be superman. Impossible. Even the coherence of my writing and thoughts declines as the load increases. It is a documented fact that brain damage results from these sort of patterns of activity (lack of sleep, etc). Especially not good for age 50.7 and trying to cure some chronic dysfunction of the bile duct that has systemic effects in terms of chronic fatigue syndrome, peripheral neuropathy, headaches, whole body itchiness (to the point of having wounds all over my body when I scratch while sleeping) and other symptoms which mimic Multiple Sclerosis (but I now envision I don't have MS but rather the yellow stomach is more likely pancreatic or gall bladder issue, maybe cancer or blockage for other reason).

I consistently stated that I thought the capitulation low would be < $150, perhaps < $100. Last May I predicted the rise to $320 exactly and expected it could begin the decline to the expected bottom. You can find the discussion mostly in kLee's PnF thread in Speculation forum. You find there my exact prediction stating that it could rise back up to maximum of $450 (or maybe I said $400 to $500 range) before making the decline to $150. I also stated that I would be stopped out at $380 if that scenario played out and had I been short (but later I realized had I been short from $320, I would have closed my shorts in the mid-$200s as it was meandering there). The $400 - $500 level was based on some chart analysis and the details are in that PnF thread. Around August or so with the approaching 2015.75, I was on the lookout as to whether the decline to the bottom would come precipitously. But then someone shared with me a copy of Armstrong's gold report and I became aware that the predicted low was roughly March 2016. So then I began to expect the final capitulation low would come Q1 2016. I stated this publicly. I also had more confirmation that Bitcoin was going to rise again when it meandered in the mid-$200s.

As for a double-bottom or whether the bottom will be V shaped or U shaped, I don't have any ideas other than I expect the crash of Bitcoin is going to be due to fundamentals such as the realization that the Chinese miners control Bitcoin. And thus I don't expect any quick rise back up.

Actually it is very difficult now to analyze the future of crypto. I just know I see an incredible opportunity for me given I have a design which solves these technical problems, so I need to be busy coding and not posting about these matters.

Another perspective could be that Bitcoin will be centralized and the block chain size increased and that we've already seen the bottom at the V bottom dip to $150 before.
3413  Economy / Economics / Re: Martin Armstrong Discussion on: January 18, 2016, 05:27:56 PM
double bottom below $1000 in March
Then one more time in 2017...

...I believe Armstrong's timing for a gold low is roughly March, if that has not changed since his earlier gold reports. We will have to see if Bitcoin follows gold down in a liquidity crisis event or not. Right now everything sure seems to be quiet in the global markets, but maybe the quiet precedes the storm.

So yes Armstrong could end up being wrong about gold and I could even be further wrong about Bitcoin following gold down. So shorting is risky...

EDIT:


...And gold is going to < $700 by end of Q1 2016...


You mention "...a gold low.." So, in your judgement, and while acknowledging the uncertainty, do you imagine a single low / bottom by end of Q1 2016, or double low / bottom by end of 2017?

My writing is very sloppy and missing words (that I hear in my head but forget to type), because I am far too overloaded due to the rate of posting and number of waking versus sleeping hours, in addition to all the other work and tasks I am attempting to do. You all simply can't expect one man to be superman. Impossible. Even the coherence of my writing and thoughts declines as the load increases. It is a documented fact that brain damage results from these sort of patterns of activity (lack of sleep, etc). Especially not good for age 50.7 and trying to cure some chronic dysfunction of the bile duct that has systemic effects in terms of chronic fatigue syndrome, peripheral neuropathy, headaches, whole body itchiness (to the point of having wounds all over my body when I scratch while sleeping) and other symptoms which mimic Multiple Sclerosis (but I now envision I don't have MS but rather the yellow stomach is more likely pancreatic or gall bladder issue, maybe cancer or blockage for other reason).

I consistently stated that I thought the capitulation low would be < $150, perhaps < $100. Last May I predicted the rise to $320 exactly and expected it could begin the decline to the expected bottom. You can find the discussion mostly in kLee's PnF thread in Speculation forum. You find there my exact prediction stating that it could rise back up to maximum of $450 (or maybe I said $400 to $500 range) before making the decline to $150. I also stated that I would be stopped out at $380 if that scenario played out and had I been short (but later I realized had I been short from $320, I would have closed my shorts in the mid-$200s as it was meandering there). The $400 - $500 level was based on some chart analysis and the details are in that PnF thread. Around August or so with the approaching 2015.75, I was on the lookout as to whether the decline to the bottom would come precipitously. But then someone shared with me a copy of Armstrong's gold report and I became aware that the predicted low was roughly March 2016. So then I began to expect the final capitulation low would come Q1 2016. I stated this publicly. I also had more confirmation that Bitcoin was going to rise again when it meandered in the mid-$200s.

As for a double-bottom or whether the bottom will be V shaped or U shaped, I don't have any ideas other than I expect the crash of Bitcoin is going to be due to fundamentals such as the realization that the Chinese miners control Bitcoin. And thus I don't expect any quick rise back up.

Actually it is very difficult now to analyze the future of crypto. I just know I see an incredible opportunity for me given I have a design which solves these technical problems, so I need to be busy coding and not posting about these matters.

Another perspective could be that Bitcoin will be centralized and the block chain size increased and that we've already seen the bottom at the V bottom dip to $150 before.
3414  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 18, 2016, 05:03:28 PM
No, there is no cryptocurrency using Cuckoo Cycle as proof of work.
Btw, in absolute performance, it runs much better on GPUs than on CPUs.
But I don't know which is better in terms of performance per watt.

Thanks, I've been reading a bit more about it. I've been away for a while - did I miss anything in the CPU space? What do you think is the most GPU resistant PoW around now? I remember Anonymint saying he had a secret CPU PoW years ago - has he said any more?

Slowly ramping up coin distribution does seem fairer, but then a coin loses the 'goldrush' feeling that is so helpful in gaining momentum and early user adoption.

I believe there is a way to get both ('goldrush' and a delay for the open source to mature), and it is also integrated with my marketing plan. I have actually explained what this is and I see no reason to repeat it and make it more clear for my competitors. Those who were paying attention already have the information.
3415  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 18, 2016, 04:59:24 PM
I've come to realize it's really really hard to resist GPUs.

Remember I told you that would be the case.

I still have my PoW hash from late 2013 (or was it early 2014 I forget) which is yet unreleased. I took an entirely different approach after realizing that memory hard hashes weren't really a resistance to GPUs nor ASICs.

Edit: I wasn't aiming for the CPU hash to be as efficient as the ASIC, but at least hopefully within 2 orders-of-magnitude so that my design for having payers mine unprofitably holds that mining is unprofitable even for ASICs. In theory, I can adjust the parameter of debasement rate to expected CPU/ASIC efficiency ratios to attempt to mitigate with the ratio of total payers PoW difficulty/debasement.
3416  Alternate cryptocurrencies / Altcoin Discussion / Re: Investing in alternate cryptocurrencies? on: January 18, 2016, 04:47:59 PM
Everyone recommends whichever shitcoin(s) they happen to be bagholding, so this thread is basically useless.

If you want to learn about the technologies and become a more informed investor, make sure you read every post of mine. Sorry knowledge isn't free; it requires effort.
3417  Alternate cryptocurrencies / Altcoin Discussion / Re: Zero Knowledge Transactions on: January 18, 2016, 04:34:44 PM
Not chess related but besides anonymity I think it is worth reminding people of another technical reason that makes CryptoNote coins much different than bitcoin.

CryptoNote uses the Schnorr signatures algorithm instead of Elliptic Curve Digital Signature Algorithm used by bitcoin

I think an elliptic curve discussion would be on topic if we have enough volunteers both willing and competent enough to discuss it.

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://en.bitcoin.it/wiki/Secp256k1
https://en.wikipedia.org/wiki/Schnorr_signature
https://en.wikipedia.org/wiki/Curve25519

This site offers some interesting comparisons although some of the conclusions (such as those on Secp256k1) may be controversial:
http://safecurves.cr.yp.to/

This should make bitcoin users feel better:

I believe that the ECC/NSA thread you referenced did eventually nail down every parameter used to create secp256k1 and answers most if not all concerns.
Yes, there is a Python script that produces every parameter for secp256k1 from first principles, except the generator— and both myself and D. J. Bernstein have given the proof that in-advance choice of the generator is harmless outside of restricted conditions that aren't relevant to normal Bitcoin usage.

I have been asked in a PM if I would like to comment on this. I am not an expert and have no formal training in algebraic abstract math. Everything I know about this particular field (and cryptography in general) is self-taught mostly in 2014 and 2015. And I have big gaps in my understanding which can only be resolved by teaching myself the higher math courses I didn't take at the university and I don't have time for attaining that base knowledge. Nevertheless I can comment conceptually and understand enough to have for example combined Cryptonote with Compact Confidential Transactions to form what I named Zero Knowledge Transactions. And I understand enough to have digested Shen-noether's Ring Confidential white paper over a period of a day or a few days. And I was able to analyze the differences and similarities and ramifications of the high level differences in our approach. So with that in mind, I will comment on the above quoted issue.

Afaik, the main difference between the Secp256k1 type of ECC that Bitcoin uses and the Ed25519 Bernstein version of the twisted Edwards curve that Cryptonote uses, is that Ed25519 has no branching in the code and thus has no timing attacks (although one might reason that timing attacks might be less useful in crypto currency, I am not sure if that is true in all scenarios). And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to be less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system). Also Ed25519 is moderately faster and has a prime order which is deemed to be more secure (I don't remember if Secp256k1 has a prime order or not).

http://ed25519.cr.yp.to/

So Secp256k1 is probably secure but Ed25519 is more secure.

Please feel free to quote me and claim it as an advantage for Cryptonote coins, but please acknowledge that I have also criticized Cryptonote for not solving the fundamental block chain Tragedy of the Commons economic issues and my opinion that metadata correlation makes their anonymity impractical for any (or most?) mainstream uses.
3418  Alternate cryptocurrencies / Altcoin Discussion / Re: CryptoNote technical discussion and Boolberry vs Monero Chess Challenge on: January 18, 2016, 04:30:10 PM
Not chess related but besides anonymity I think it is worth reminding people of another technical reason that makes CryptoNote coins much different than bitcoin.

CryptoNote uses the Schnorr signatures algorithm instead of Elliptic Curve Digital Signature Algorithm used by bitcoin

I think an elliptic curve discussion would be on topic if we have enough volunteers both willing and competent enough to discuss it.

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://en.bitcoin.it/wiki/Secp256k1
https://en.wikipedia.org/wiki/Schnorr_signature
https://en.wikipedia.org/wiki/Curve25519

This site offers some interesting comparisons although some of the conclusions (such as those on Secp256k1) may be controversial:
http://safecurves.cr.yp.to/

This should make bitcoin users feel better:

I believe that the ECC/NSA thread you referenced did eventually nail down every parameter used to create secp256k1 and answers most if not all concerns.
Yes, there is a Python script that produces every parameter for secp256k1 from first principles, except the generator— and both myself and D. J. Bernstein have given the proof that in-advance choice of the generator is harmless outside of restricted conditions that aren't relevant to normal Bitcoin usage.

I have been asked in a PM if I would like to comment on this. I am not an expert and have no formal training in algebraic abstract math. Everything I know about this particular field (and cryptography in general) is self-taught mostly in 2014 and 2015. And I have big gaps in my understanding which can only be resolved by teaching myself the higher math courses I didn't take at the university and I don't have time for attaining that base knowledge. Nevertheless I can comment conceptually and understand enough to have for example combined Cryptonote with Compact Confidential Transactions to form what I named Zero Knowledge Transactions. And I understand enough to have digested Shen-noether's Ring Confidential white paper over a period of a day or a few days. And I was able to analyze the differences and similarities and ramifications of the high level differences in our approach. So with that in mind, I will comment on the above quoted issue.

Afaik, the main difference between the Secp256k1 type of ECC that Bitcoin uses and the Ed25519 Bernstein version of the twisted Edwards curve that Cryptonote uses, is that Ed25519 has no branching in the code and thus has no timing attacks (although one might reason that timing attacks might be less useful in crypto currency, I am not sure if that is true in all scenarios). And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to be less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system). Also Ed25519 is moderately faster and has a prime order which is deemed to be more secure (I don't remember if Secp256k1 has a prime order or not).

http://ed25519.cr.yp.to/

So Secp256k1 is probably secure but Ed25519 is more secure.

Please feel free to quote me and claim it as an advantage for Cryptonote coins, but please acknowledge that I have also criticized Cryptonote for not solving the fundamental block chain Tragedy of the Commons economic issues and my opinion that metadata correlation makes their anonymity impractical for any (or most?) mainstream uses.
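The point made in the two posts above, that a scheme which derives its per-signature nonce instead of drawing it from an RNG is less exposed to a faulty random number generator, as an added example that is not part of the original posts. It uses a small Schnorr signature over a toy group built at import time (an assumption chosen for readability, not Ed25519 or secp256k1); all function names, the key, the messages and the stuck-RNG constant are constructed for illustration.

```python
import hashlib

# Toy Schnorr group constructed for this example (NOT Ed25519 or secp256k1):
# Q is the Mersenne prime 2**127 - 1, P the first prime of the form 2*k*Q + 1.
Q = 2**127 - 1
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin over fixed bases; adequate for a demo parameter search."""
    if any(n % b == 0 for b in BASES):
        return n in BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    def witness(a):
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, r))
    return not any(witness(a) for a in BASES)

def find_group():
    k = 1
    while True:
        p = 2 * k * Q + 1
        g = pow(2, 2 * k, p)  # 2^((p-1)/Q): its order is Q unless g == 1
        if g != 1 and is_probable_prime(p):
            return p, g
        k += 1

P, G = find_group()

def H(*parts):
    """Hash length-prefixed parts (bytes or ints) to a scalar mod Q."""
    h = hashlib.sha512()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q

def stuck_rng_nonce(x, msg):
    return 0x1234567890ABCDEF  # faulty RNG modelled as a constant (constructed value)

def derived_nonce(x, msg):
    return H(b"nonce", x, msg)  # Ed25519-style idea: hash(secret, message), no RNG call

def sign(x, msg, nonce_source):
    k = nonce_source(x, msg)
    R = pow(G, k, P)                     # commitment
    return R, (k + H(R, msg) * x) % Q    # response s = k + e*x

def verify(y, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(y, H(R, msg), P) % P

def repeated_commitments(signed):
    """Audit check: pairs of different messages whose signatures share R."""
    seen, hits = {}, []
    for msg, (R, _) in signed:
        if R in seen and seen[R] != msg:
            hits.append((seen[R], msg))
        seen.setdefault(R, msg)
    return hits

def secret_exposed_by(m1, sig1, m2, sig2):
    """Why a repeated R is fatal: s1 - s2 = (e1 - e2) * x (mod Q) determines x."""
    (R1, s1), (R2, s2) = sig1, sig2
    de = (H(R1, m1) - H(R2, m2)) % Q
    if R1 != R2 or de == 0:
        return None
    return (s1 - s2) * pow(de, -1, Q) % Q

def demo(nonce_source):
    x = H(b"constructed demo secret")  # constructed private key
    return x, [(m, sign(x, m, nonce_source)) for m in (b"pay 1 to alice", b"pay 2 to bob")]
```

Both nonce sources produce signatures that verify, so a stuck RNG is invisible to verification alone; only the repeated commitment `R` gives it away, which is what `repeated_commitments` looks for.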
3419  Economy / Economics / Re: Economic Totalitarianism on: January 18, 2016, 03:48:16 PM
http://pcci.org.ph/images/stories/microchip/Application%20to%20Purchase%20Microchip
http://www.pcci.org.ph/images/stories/Circular_No_2013-006.pdf
http://www.pcci.org.ph/images/stories/Circular_Deferment_of_Microchipping.pdf
3420  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 17, 2016, 03:32:15 PM
Sorry I can't resist about the "desperate" allegation, I just was informed of a 58 year old filipino man who sexed his 78 year old mother who due to her Alzheimers thought she was sexing her deceased husband.