I have a technical question here:

do these UASF full nodes consider the "normal bitcoin chain" but only consider *transactions* in segwit-signalling blocks, or do these full nodes consider only a segwit-signalling-only fork of the bitcoin chain ?

I mean: case A:

Only chain out there, let us assume that 7/31/2017 at midnight block 500 000 is reached for sake of argument:

suppose that the (only) chain out there is:

500 000 (segwit) - 500 001 (segwit) - 500 002 (non segwit) - 500 003 (non segwit) - 500 004 (segwit) - ....  - 503 005 (segwit) - 503 006 (non segwit) .....

Does your node accept this chain (a), but only considers transactions that happen to be in blocks 500 000, 500 001, 500 003, .... 503 005, ...

Or does your node stop at 500 002 because it is an invalid (non segwit) block (b) , and doesn't accept 500 004, because it is not the successor to the last valid block, 500 002 ?

case B:

Suppose that miners fork, and there are two chains out there, splitting at 500 001:

chain 1: 500 000 (segwit) - 500 001 (segwit) - 500 002 (non segwit) - 500 003 (non segwit) - 500 004 (segwit) - ....  - 503 005 (segwit) - 503 006 (non segwit) .....

chain 2: 500 000 (segwit) - 500 001' (segwit) - 500 002' (segwit) - 500 003' (segwit) - ....

500 000 (segwit) being the last common block to both prongs.

Will your software read only chain 2, considering 500 001 orphaned ?

Is the UASF node going to follow Aa, or

depending on whether the miners don't split, or split: Ab, or B ?

Companies, exchanges and services have nothing to do with Joe's full node in his basement, but rather with people putting money in bitcoin.  As another joker said in another thread, he's firing up 4 nodes, and is going to fire up 4 more nodes, in order to help decentralization in bitcoin  

Miners ARE sensitive to people buying their coins.  They want, logically, to optimize the extraction of value from the eco-system.  That can be by selling few coins at high value, or selling a lot of coins at lower value.  But on top of that, miners are locked up into a Nash equilibrium of steady-state.  It is not simple for them to leave the existing consensus unless they can be in a cartel and decide upon something.


Core was the central authority until a few years ago, writing the only code out there.  So there was no game theory, it was a totally centralized system until recently.    The only "game-theoretical" aspect that was in there for miners, was the signalling system, which was essentially Core taking the lead in the cartel formation.  And ONLY miners voted on signalling.  In other words, Core being the software monopolist, had total power over the rules.  

On top of that, they only used soft forks, of which it is known that a majority (> 50%) of hash rate IMPOSES the rule onto everyone.  They decided about the possible soft forks, because they had the code monopoly, that miners used too.  They were the moral authority, inherited from Satoshi.   The changes they wanted to implement, were proposed as soft forks on which a MINER signalling was applied ; when they reached 95%, the soft fork "fired", and even if a significant fraction of miners would try to step back, they were then locked into the Nash equilibrium of the new rule set.

So essentially, Core always got what it wanted ; except for ONCE: segwit.  Their tactics didn't work, the MINERS didn't signal 95%.  The former core leader, Gavin, broke the software monopoly with Classic.   These two events signalled the start of the end of the code monopoly.  From that moment on, bitcoin started to decentralize, and game theory starts to set in.  Until the block debate, bitcoin was an entirely centralized entity.


Nope.  Core decided on what to signal on, and miners voted.  No "negociations" with anybody else.  Core was used to miners just run their software and accept everything they put in there.  But the block debate showed them the end of their central power to an extend.


On the contrary, it is exactly part of the design of the system.  Consensus by miners alone, under the proposition of the central power, Core, has ALWAYS been the sole path to protocol modifications.  The "boss of the miner cartel" was Core.  The cartel voted by signalling, and that was a smart system, because their vote engaged them ; they couldn't just vote and not act, because the sole software that was out there was also the software that counted the miner votes.  Soft forks imposed the majority wish on all.  What happens now is that the miner cartel sees that it doesn't need the Core to be the boss of the cartel.

From the moment the miners don't need to run the sole Core software, core loses its central authority and bitcoin becomes decentralized ; the game theory kicks in.  Until now, it was a parliamentary monarchy, where only the King could propose laws, and the parliament (the miners) voted.  There's not much game theory in that.  From the moment the King is gone, it starts.  It is only starting now in fact.


It is maybe not the purpose, but it is the consequence.  Yes, I think bitcoin is a gigantic pyramid game because it was designed that way, even if that was not its "purpose".  It could have been different if it were designed differently.   Again the confusion between purpose and consequence.


They are "waiting" to perform a hard fork because:

1) core hasn't yet completely lost its dominance on software.  In reality, most miners wouldn't trust software on another basis for the moment.  Only Gavin was smart enough to write modifications of the code.  

2) but the principal reason is simply that miners are locked up in the Nash equilibrium of steady state.  Individually, forking off is a losing proposition.  As long as they don't form a strong cartel, they cannot change individually.

At no point, they need Joe's node in his basement for that.  The validators of miner action, are other miners.  They keep one another in check, and this is the Nash equilibrium I'm talking about.  It is only when there's a concerted effort to fork with large majority, together, that this equilibrium can be left for another one.


Indeed, the "system stops" and this is not acceptable, but it is MUCH LESS acceptable for the myriads of economic actors than for the miners.  This is why the economic actors will comply much much faster than the miners.  If the miners can find a majority agreement (cartel formation) and they ALL switch to another Nash equilibrium, the economic actors are all INDIVIDUALLY pushed to switch too.  The economic actors are NOT locked into a Nash equilibrium on the old protocol ; on the contrary, their individual switch to the new protocol is highly advantageous to them.

In fact, the FIRST SWITCHERS (of economic actors) will make HUGE BENEFITS.    The first exchange that "starts working again" will get the lion's part of bitcoin trading.  The exchange that stubbornly refuses to switch and hence cannot allow deposits or withdrawals, because it refuses to upgrade its node to the miner's protocol, will kill its business.  
The whale that has a lot of coins, will be able to transact if he upgrades to the miner's protocol ; he can only lock up his holdings if he refuses.

So the game theoretical motivations for miners and for economic actors are ENTIRELY DIFFERENT.   Miners, keeping one another in check, are locked into a Nash equilibrium ; only a concerted action (formerly done by Core, the software monopolist and central decider of bitcoin) can move them all  together to another equilibrium (change of protocol).   Economic actors, individually, have everything to gain in following the miner's protocol.  Their Nash equilibrium follows that of the miners.  They are out of equilibrium if they decide upon anything else.


Yes, that's game-theoretically to be expected IF miners can form a cartel and decide together, and IF they have sufficient code independence from Core.

This is not "me day-dreaming".  It is simple game theory.  You know that a Nash equilibrium is when every actor is adopting such strategy, that if all others were to keep their strategy, and only this actor changed, that he'd be worse off for every choice he'd make.  This is why economic actors will always follow miners and not vice versa.  A miner cannot make an individual deviation from his peers (fork off with small minority).  He has to agree with a large number of peers.  But an economic actor can switch easily.  He's in the most profitable individual position when he follows the miners protocol.  All his other choices are less profitable to him.


If a lot of miners leave the system fast, bitcoin dies.  Because of the slow difficulty adjustment.

There are many subtle ways in which miners could apply covert soft forks, getting new users to buy coins, and killing off old users.  They are not yet doing such sophisticated strategies, but it would not be difficult for them.

For instance, a soft fork could be, to always include transactions that are only, say, 20 transactions away from recent block rewards, and require higher and higher fees for transactions that are "older".  This would give a very fluid impression of bitcoin for all those buyers of newly mined coins (including fees !) ; and it would only piss off older whales or older bitcoin users, who most probably are NOT buying new coins.   As such, that strategy would induce newcomers to buy coins, and would put a lot of friction on older coins, decreasing bitcoin's velocity, and hence pumping up its price.
If you buy "new miner coins" you would have a great experience with bitcoin, and hence buy more of them ; if you have old coins, you would almost never get a transaction through, and have to pay huge fees.

In the beginning, miners could just apply those rules to their own block building, but they could even start orphaning blocks that are not complying to their rules -> soft fork, imposed by majority.  No "code change", just block selection.

I fully agree with you here ; and that doesn't even mean that segwit should be avoided - I even think segwit is a good idea ; what is a bad idea is to keep the blocks small.  Now, what's my personal opinion of whether and how bitcoin should upgrade ?  I think I don't care, but I think that bitcoin is an interesting experimental environment to observe different phenomena.

As I said elsewhere, I think bitcoin's design is broken beyond repair if one thinks it is ever going to be a daily currency, and the funny thing is that what is hailed as the most important aspect of bitcoin, namely the 21 M coin limit, is exactly what is killing it as a currency (but which has probably got it off the ground with greed).  Now, this 21 M limit is ALSO what implies difficulties with big blocks and is ALSO what is making mining a centralized business.  In fact, the big failure of bitcoin as a currency comes from this 21 M limit, and I think it is one of the fundamental "contractual propositions" of bitcoin, which is why I say: it is broken beyond repair.   If ever one wanted to repair it, one would need to touch this sacred principle, so the only thing to do is to start all over from scratch.  I'm not saying that bitcoin is going to die, it isn't.  But it cannot become a currency.  

My reasoning is as follows:

a) The limited number of coins turns bitcoin into a collectible, of which a lot of them are created when bitcoin was cheap, and of which it was to be foreseen that they could become very expensive.  This turns bitcoin into a speculative asset, of a similar kind as ancient paintings: very expensive collector (hodler) items, with of course also very unpredictable future value.  Now, a currency needs to be a reliable unit of account, which a speculative item never can be.  But contrary to something like gold that "always existed", bitcoin's recent "printing" has caused HUGE seigniorage for early adopters, which are of course induced to start a greater fool game, which will be imitated by layers and layers of greater fools.  The expectation of price increase in the future will have to break down at a certain point, at which the last layer of greater fools will be very, very disappointed.  This is different with a ancient collectible.  You do not necessarily expect a price rise.  You are careful in your investment and you are satisfied if you find a "same fool".   It KEEPS value, it can increase or decrease somewhat, but you do not expect double digit yearly gains.  Bitcoin's initial seigniorage has delivered multiple digit gains and it is essentially what dominates its market.

==> a collectible with huge initial seigniorage becomes a speculator's asset, not a currency.

b) The limited number of coins induces a lowering of the block reward.  The block reward is needed because it is the "spend value" on security: anyone willing to spend more than the block reward on proof of work, can rewrite history.  This is the somewhat silly cryptographic protection of proof of work: your protection is the amount of value you spend on it.  If an attacker is willing to spend more, he can break the protection and re-write history.  This becomes interesting if many transactions in blocks become much larger than the block reward.  Because of the limited number of coins, the block reward has to go down.  So fees are needed.   Hence, transactions need to be scarce for fees to be important, or the system becomes insecure.  This induces friction on transactions, which will hinder its usage as a currency even more, but doesn't mind for relatively rare transactions of "old paintings".

==> transactions need to be scarce, for the fees to pay for the security.  The induced friction hinders the asset to become a competitive currency.

c) The relative slowness of the transactions and its friction makes that for day-trading, clearing houses are better: most volume of trading will hence not be done on-chain, but will be using IOU on clearing houses (exchanges).  This will end up requiring legal protection and these clearing houses will become new "banks" ; their centralized systems are much lighter and quicker than any decentralized network and will be much more performing.  As such, bitcoin will be just a "backing" of these bank IOU.  Note that these clearing houses came essentially into existence because of the speculative nature of bitcoin.  They are not "sales points of coins" as they were intended, but they are trading clearing houses because of its highly speculative nature.

==> the nature of bitcoin (speculative and friction of relatively slow transactions) induces the existence of highly regulated clearing houses in which bitcoin IOU are the true "currency" and bitcoin is just its backing asset.

d) the throat-cut competition in PoW and its lottery aspect makes for mutualising the lottery-risk, hence gives rise to at most a few tens of pools (the Poisson statistics and the 10 minute blocks make that many more pools would not make sense as they wouldn't win enough blocks for the lottery statistics to smooth out quickly).  As PoW is not only used for coin creation, but also for consensus (over everything), this turns these pools into the real powerhouses of bitcoin.  They have a huge stake in making mining profitable, which is finding the right balance that squeezes out the maximum of fees the market will bear.

==> the idea of using PoW not only for coin creation, but also for consensus finding, makes that bitcoin will end up in the hands of an oligarchy of a few tens of people at best.

PoW has become cut-throat, and it is a slow lottery, because of the difficulty adjustment, which was needed to keep the coin emission rate limited.  If the coin emission would have been flexible, that is, with a value-limit on it, that would actually solve about all problems bitcoin is facing.

So, my "proposition" (which is impossible, I know) to repair bitcoin would rather be:

a) separate coin creation with PoW from consensus (with PoS).  This keeps the power in the hands of the owners.

b) put a limit on difficulty, which fixes the *value* of the coin, and not the number of coins.  This takes out most of the speculation, because the value of the coin is capped.  This will turn coin creation into a non-competitive game, and hence take out the pools, take out the cut throat competition and take out the lottery aspect ==> no more oligarchy

c) PoS without rewards is something that can work very fast, is cryptographically much more secure, doesn't waste resources, and can work with essentially unlimited blocks ; we don't care about orphaning some.  This takes out the friction of payment and the slowness of payments, and ensures true decentralisation.

d) the value regulation instead of the number-of-coins regulation brings bitcoin much closer to Nash's "ideal money".

There can be a limit on block size, because the SPEED of block generation is arbitrary (with non-remunerated PoS).  Nothing would stop building a LN type of network on top of it, because of the unlimited settlement capacity of the underlying system which is needed to keep LN permissionless.

No.  What is funny, is that "decentralization" doesn't increase when you run SEVERAL nodes.  Decentralization is about how many independent "decision entities" that are not colluding over their strategies, are part of the system.  You are ONE such entity.  If you run MANY nodes, you are only doing a Sybil attack, you are not increasing "decentralization", because your 4 nodes are colluding (it's you, each time).

This is like saying "voting is important, I went to cast 4 times a vote with false ID papers, long live democracy !".

I found that funny.

Note that this is even under the false hypothesis that non-mining nodes add anything to decentralization, which it doesn't.  Only starting a mining pool and attracting enough hash rate adds to decentralization.

It is even more complex than this.  Even segwit blocks can use asicboost.  It only becomes less profitable to do so.

I found a good explanation here:

https://bitslog.wordpress.com/2017/04/10/the-relation-between-segwit-and-asicboost-covert-and-overt/

This is very funny  

In fact, it is so easy to sybil the number of nodes signalling something, that if it had any meaning to signal something as a node, proponents of this or that side would already have been running tens of thousands of nodes signalling whatever they think.  But it could also be a way to signal, as you point out, the opponent's view, so that people get tricked into believing they form a powerful crowd, and when they "put their money where their mouth is", get the carpet pulled from under their feet. 

This is going to be very funny to watch if they pull the trigger.   I surely hope they do, because I like this kind of experiments !  BTW, I think the quoted text is very misleading because it doesn't consider many probable scenarios. 
The text is thinking that the only economically motivated entities are miners, that are subject to the  severity of users and exchanges, but that exchanges are oblivious to making profit from listing both bitcoins, and that users are oblivious to risking their transactions not being valid after a re-arrangement of chains.  They believe that no users are going to be willing to buy somewhat cheaper legacy bitcoins from miners, starving non-segwit miners to death ; while segwit-forked users won't be scared to lose their funds if their chain is abandoned.

This is why I really would like this thing to happen: surprises almost guaranteed.

Bitcoin's price is, from the very beginning, completely unrelated to anything.  Bitcoin's price has almost NEVER been driven by 'demand for usage'.  It has always been long-term speculation ("moon when all people will buy their coffee with bitcoin, and I'm an early adopter").

There's a world of difference between a HF that keeps the same hardware for PoW, and hence has two coins that compete for the same miner resources ; and a HF that changes PoW, and hence, leaves the full original PoW to the original coin and needs to install *new* miners on the *new* PoW.  

A HF can kill the original by siphoning its miners and by overwhelming it in the market if they keep the same PoW.
However, I have to say that I do not see the difference between:

case A)  make a HF from bitcoin that is litecoin-bis, hope that bitcoin owners are going to dump all their bitcoin to buy litecoin-bis.

case B) consider that litecoin exists, and hope that bitcoin owners are going to dump all their bitcoin to buy litecoin.

What's the difference ?

There are a few differences between scenario A and B:
1) the moral authority of Core, that is now calling to dump bitcoin and buy litecoin-bis (but why don't they do this for litecoin-original then ?)
2) linked to (1): the belief that if Core is behind it, it will be the valuable thing
3) the fact of organizing this "all together" to make a major dump of bitcoin, and a major pump of litecoin-bis (but then, why not do this with the original litecoin ?)

In fact, Ver and Wu's coin have more chance to ever be called "bitcoin", because the *actual bitcoin miners might decide to give up on the original, and switch to the new one, abandoning the original one and lowering its hash rate*.  However, with a PoW changing HF, all the current bitcoin miners will continue to mine bitcoin, with the same hash rate.  Because that's all they can do with their hardware !

It would BTW be funny to see the new bitcoin and the amount of PoW that goes with it.  Bitcoin has been marketeered as super more valuable because it had the most PoW and was the safest chain (this is somewhat bullshit, but it is part of the bitcoin dogma's and one of the reasons why bitcoiners think bitcoin is for ever superior to any other crypto currency).   If you invent a totally new PoW scheme, of course, in the beginning, there won't be much proof of work as compared to the original one !  If it is a GPU based algorithm, chances are that it will be largely inferior in cryptographic security than the original chain.  How to convince people to leave  behind "the  most secure chain ever", to jump to some totally new thing that could be 51% attacked at any moment (for instance, by ETH miners).  What if someone (bitmain) has actually an army of ASICS that haven't seen the market and takes over all the hash rate ?

When Asics took over from GPU and FPGA in bitcoin's history, the chain wasn't worth as much as today, and code was centralized on Core.  Can you imagine the impact if there's essentially a hardware monopolist that fully takes over the new chain ?

In fact, you could do such a fork, and "true bitcoin" might not even be aware of it !  There's strictly no reason to suddenly start naming the original bitcoin, which happily continues to function, something else, because someone forked off an alt coin.  Ethereum was different, because the Ethereum Foundation has its name in a way, and because ethereum didn't change PoW, the original ethereum miners that were mining the original chain (ETC) abandoned largely the original ethereum (ETC) to go to the new one.  Nobody thought that the original ETC would continue to exist, but it did.
With bitcoin, that will not be the case, because *all* bitcoin miners will continue mining bitcoin like before.  The chain will not stop because someone decided to make a different coin.

But all this is theory.  I would like to see the UASF with a change in PoW pulled off and watch what will happen.  I think I know what will happen, but it is always better to do the experimental test.

You could just as well say that Newton was a paid or an unpaid shill of the laws of gravity.  As I said, bitcoin is a dynamical system, and we have to discover its dynamical laws (of which we know its basis: game theory, but we don't know the cost functions of the entities, although we can make reasonable assumptions about it).  

If I'm complaining about anything, it is about people's lack of rational insight, and emotional ties to certain positions - usually based upon the confusion between intend and consequence, and their total lack of insight into the *actual* workings of the system they talk about.  This leads them to propagate opposition to certain solutions on the basis of false arguments.  The principal one is of course the idea that one shouldn't increase block size because that would drop the number of Joe's running full nodes in their basement "to keep bitcoin decentralized", while the number of Joe's running full nodes in their basement is absolutely of no importance what so ever in the power structure of the system.


I think you are missing the principal basis of game theory, which is the *individual decision* of an entity as a function of his own advantages and disadvantages ; the behaviour of the overall system is a consequence of these individual decisions, and individual decisions are not taken as a function of the overall desired consequence (call it the tragedy of the commons).

The only users that matter for miners, are BUYERS of coins.  The OWNERS of coins are not the ones that are going to pay miners.  A miner will individually make the decision to change the block chain he is making (change the protocol) if he thinks that his individual change will let him obtain more value for the coins he obtains this way, than if he doesn't change his protocol.  There is a very strong incentive for miners to stick to the protocol the rest of the miners is sticking to: changing *on your own* is almost always a losing proposition, because most probably, the chain you will be making, with minority hash rate and modified protocol, will most probably NOT find a lot of buyers.  This is where your *miners follow the money* comes in.

Users in the sense of stake holders, are more victims than market players in fact.  The stash they own on a chain, is dependent on their ability to transact, for which they are dependent on the miners including the transactions in a chain they are willing to make.  For that, these users have to "bribe" the miners with a fee, and be willing to use the chain the miners are offering.  These users are totally at the mercy of miners, because the miners can decide over their possession, and the miners are not interested in their possession ; the only thing miners want, is NEW users buying their coins, not "old users" needing to transact.

If you have a million coins in BTC, you have to pray that a miner is going to be willing to include your transactions in a chain of his liking he's making for you.  The miner doesn't care about your possession, but you do.  The miner cares about people buying the coins he's making on the chain, not about the owners of coins that are going to transact ; apart from the fact that these owners need to pay for the favour of including a transaction in the chain they make.



Yes, but worker unions can only obtain stuff because the legal system intervenes.  Worker unions without any legal backing break up, because some workers want to eat and break the cartel.  BTW, that's also why you have employer's syndicates.  But all these things are centralized entities.   In fact, miner "worker unions" (miner cartels) are much, much more probable than "bitcoin users forming a worker's union", simply because the miners don't care about most of the bitcoin OWNERS.  They only care about bitcoin BUYERS.   The owners are at their mercy.  Not the other way around.

A miner cartel, to be made of, say, 20 entities, is way, way, way easier to form than a user cartel, made of millions of new users/buyers.  In any  case, if such a cartel is working, the system has lost its decentralized aspect.  

The only thing that is still holding back the power of miners, is the visible incapacity of them finding a decent group of developers.  That's scary because a crypto is not really a big or difficult software project once you lay out the protocol to implement.

Given the amount of text, the rather unstructured logical construction, it is difficult for me to know what exactly you want to say, in what way it contradicts what I'm saying, and in what way it is the logical culmination of rational steps of reasoning.  So I pick out things I want to react to when I read them.  If those are not the points you want to discuss, you should maybe not write them, or structure it somewhat better.   I will continue to do what I usually do: react to the pieces that I read and of which I think they are erroneous, unfounded or whatever.  If those are not your main points, that doesn't really matter to me.  If it does to you, point them out better then.


First of all, "purpose" has no meaning in a decentralized system, because each entity in the system has a different purpose, and is assumed to act according to his view of the pursuit of his own purpose.  In order for there to be a "global purpose", there has to be an entity singled out of whose own purpose is the "global purpose".  Different entities can have opposing purposes: if I want to steal you, and you want to steal me, we have opposite purposes (an action and a result that is in agreement with my purpose, namely that I stole from you, is not going to be perceived by you as such positive action and vice versa).

But moreover, you clearly see that your very statement is self-contradictory.  There is a "baseline standard rule", but which can be "modified", until it won't be modified any more at an unknown point in the future.  Attacks are defined as being modifications after the unknown point in the future ; needed modifications are modifications before that unknown point in the future ; who's to define that point in the future ??  Is core attacking bitcoin with Segwit ?  Are big blockers attacking bitcoin ?  Is that point in the future already in the past, and has bitcoin been attacked already successfully many times ?

"a standard is unmodifiable at a certain unknown point in the future, but in the mean time some of us can modify it".  I hope you see that such a statement is entirely impossible in a system that claims to be a decentralized system but is even entirely impossible without a King whose whims are the Law, including His decision of when the famous point in the future is reached (his death ?  His abdiction ?)  If ever such a point made sense, it would have been if Satoshi said "bye bye now".  But he didn't, even.  Maybe he was hit by a bus, nobody knows.  


All systems in this universe are subject to the laws of physics and the emergent properties they induce.  We can only *discover* them, not *dictate* them.  Bitcoin is a system that is just as well subject to the laws of physics, of which the emergent properties are the game theory with the cost functions of the entities that "play its game".   Bitcoin's initial protocol is just part of the *initial state*, not its "dynamics".  The dynamics of bitcoin is game theory, it is not "the protocol of bitcoin".  The protocol of bitcoin is part of its state.

This is why my reference to gravity is pertinent.  The laws of gravity are part of the core laws of this universe.   Now, you can set off specific systems using gravity, like the Solar system.  Maybe your intention is that the solar system is a stable system "under the laws of gravity".  Maybe.  However, the planets running in stable orbits (the "initial protocol of the Solar system") is just an initial state.  It turns out that nothing guarantees this structure to remain so for ever: first of all, its stability over the long term internally is not guaranteed, but moreover, any external event can modify it.  The laws of gravity remain valid.  But the "protocol of the solar system" not.  It was an island of supposed stability under an approximate understanding of gravity, namely Kepler's laws, which are approximate when we understand Newton, and which is itself only approximate when we understand general relativity.

The "laws of bitcoin" are NOT the protocol but is game theory.  Whether its protocol remains stable (immutability) or not is to be seen, and is a consequence of its dynamical laws, not because of a "desired design".  And we can only *discover* them.  Not dictate them.  You don't dictate game theory.  You discover it.




Ok, but then this is nothing else but a centralized system.  If there's only one reference client, and the devs of it do two things:

1) build in an "end of life" into every reference client, to oblige a hard fork after X blocks (like monero does)

2) once everyone is running this one, they give themselves a huge amount of coins in the next release,

then, by definition, this is the sole reference client, and the devs become immensely rich in BTC.  It would not be an "attack" because the authors of the reference client are those that have the sole right to dictate the rules (they are the aristocracy).  In fact, anyone trying to run *other* software would then have to be considered as an attacker.

I hope you see that your concepts you are advancing, are entirely ill-defined.


Then bitcoin doesn't make much sense. It is a central bank, and the center you are talking about is the board of governors of the FED. We have that already.  But moreover, whether bitcoin makes sense or not doesn't even matter: it is now a system that is "up and running" and it will follow the laws of its game theory, whether we think that's OK or not.

I actually would propose a fork with PoS for the consensus, while keeping PoW for the coin creation.  The PoS would not be remunerated, it would just be a "free service to the community" in the same way that people are now running (powerless) full nodes.

But let us stick to your idea to change the PoW scheme.  For instance, scrypt instead of sha-256.  This has many facets to it.

First, I'm always puzzled why bitcoiners want to have something in bitcoin, that is already up and running elsewhere: if you change PoW into scrypt, you have Litecoin.  Litecoin is essentially bitcoin, but with PoW being scrypt.  Litecoin was invented, exactly, because already in 2011, people understood that asic owners were the deciders of the coin - it failed however, because there are also scrypt asics.  Note that DASH invented X11, a joyful mix of 11 different hash algorithms, "to resist ASICS".  Useless:

https://asicminermarket.com/product-tag/x11/

For the moment, cryptonight is still standing.  But with monero's increasing price, I wonder whether it will stand a long time.

There are serious efforts to make essentially ASIC resistant algorithms, and I think that burstcoin is using a so big memory needing PoW algorithm that you need disk space of TB for it ; it becomes "proof of capacity".  If I were a hard disk vendor, I would hype such coins.

But what I want to say, why stick with bitcoin if you want to use the system of another coin.  Simply sell your bitcoin and buy the other coin !

But let us consider that, nevertheless, you try to change the PoW function in bitcoin. Let us say for the moment that we take scrypt.  So the new bitcoin is simply a version of litecoin, but with a different initial chain. What happens ?  This is in fact a totally new coin you create, with not even the option for the actual miners to "switch camp".  So "old bitcoin" will simply continue to function, with all its stuff.  The only thing you did, was create a totally new coin, that happens to have the same coin possession as the bitcoin owners at the point of forking.   But it is, say, litecoin, but with the former balances of bitcoin.

People will now own two coins: the new alt coin you just made, and their original bitcoins of course.  In order for the new coin to take all the value of the old bitcoin, people need to sell all their old (original) bitcoins, and buy more of the new lite-bitcoin.  What makes you think that people are going to dump their *original bitcoins* to buy the new altcoin, and they didn't do that with the existing litecoin ?

After all, you have to sell your *original bitcoins* to buy more of a new coin that is in all respects like Litecoin.  

Note that deciding on which coin to sell, the "new free money you got" (the lite-bitcoin) or your "original bitcoins", you have to be careful.  If you make a mistake, you lose everything !  It is not a matter of *your own choice* but it is a matter of your own prediction of what others will do, while others will try to make you dump your "valuable" coin, and buy the shit coin instead.  Which one will it be ?

I think the first requirement of a user is to be able to do transactions in a cheap and permissionless way.  It is very funny to run your own node in your basement if you're a geek, but you don't need that to do transactions.  If you ask a user whether he wants to be able to transact cheaply and without any hassle, but he has to invest in a few TB hard disk and maybe upgrade his internet link if he wants to be a geek in his basement ; or whether he wants to keep using his old core-duo PC with his 300 GB disk for his geeky full node in his basement, but with the current transaction difficulties, I think the answer will be very fast ; but it is sufficient to make a hard fork and ask the market to vote over the two models: that's how the free market is supposed to work:
do you want a big car that can run over all kinds of terrain but can only reach 100 mph, or do you want a sports car that can do 200 mph but only on good roads ?  Sell both !  The customer will chose.  There's maybe a public for both.

By far most users of bitcoin have never run a full node.  They don't need it.  The full node copies simply what the miners made, and the miners are the entities that keep the miners in check.  The wallet is what downloads the right data from a full node, that doesn't need to be trusted because the wallet can verify the cryptographic authenticity, namely that the data it received, was the data that miners made.

But this is already the case.  And solely due to bitcoin's design, which determines consensus as by hash power consensus, where miners are put in a game that leads to a Nash equilibrium of all of them playing by the same rules, which we call "consensus".  What changed from the original conception, although highly predictable, was the clustering of mining power into pools which are not very high in number: 5 for majority, 20 for essentially 99% majority.  
Bitcoin's design, on top of that, makes it extremely difficult for a miner pool to not be in the majority consensus with the very slow difficulty adaptation, which kills all small minority miners deviating from the consensus.

What does this bring us ?
a) Even if there are only 20 mining pools, if they remain decentralized, meaning, they don't collude, meaning, they don't "sit in a room and agree on something", then bitcoin's protocol remains what it is.
b) If a serious hash majority of these mining pools (say, 8 of the big ones) colludes, meaning, they sit in a room, and decide to take action together, then that action will be what bitcoin's new protocol will become.
c) If two comparable camps appear in these mining pools, then they can remain locked up in a prisoner's dilemma like in (a), or they can "pull the trigger" and break miner consensus.  ONLY AT THAT POINT, users can say something (in the market).  The only thing a UASF could obtain, is that the trigger is pulled somewhat faster by making believe at least one camp that they might win.  But the nodes not necessarily being representative for the market, that's a risky bet.

Users can vote in the market if miners break miner consensus, and fork into two coins.  As long as there is miner consensus, users can just decide to accept that, or to leave bitcoin and their holdings behind them.

This was not the case as long as miners were manifold, and dispersed throughout the P2P network, because the P2P network FILTERED blocks that came from about anywhere.  But this is not the case any more.  Miners don't need the P2P network with Joe's node in his basement to get the blocks from their peers.  It would make them lose too many blocks.  You can estimate the connectivity between miners by the orphan rate.

https://blockchain.info/charts/n-orphaned-blocks?timespan=60days

There have been 3 orphaned blocks more than a month ago, and nothing since !!

You would almost think that there is only ONE MINER POOL, so good are their connections.  Joe's node in his basement is totally out of this game.

3 blocks in 2 months, that's essentially 3 collisions when there have been 10000 blocks produced.  In other words, miner pools know each-other's blocks within a time lapse of the order of 10 minutes * 3 / 10 000 = 180 ms !!

Joe's node in his basement has filtered ZILCH between miners.  In 180 ms, they know one-another's blocks (otherwise, purely statistically, they would have published many more orphaned blocks).

Regulating crypto currencies is actually extremely simple: you ask every "official" user of a crypto, to keep an official bookkeeping for inspection.  You may even make a block chain application for that !  In that bookkeeping ledger, you are required to declare all crypto you receive, and from where it comes, for what purpose.  That's all.  The crypto can be as anonymous as you want, and as decentralized as you want, the simple thing is that you're not *supposed* to own any crypto of which you've not declared its possession.

Mind you that nobody is going to come and lay their hands on your computers to verify whether you don't possess secret keys of one or other crypto.  No.  But the point is that you cannot spend *publicly* any crypto that you didn't declare its origin from.  You can hold as many bitcoin, DASH, Monero, ZCash, Shadowcash or whatever.  But you cannot spend a single one of those in an official place if you didn't declare where it came from, including exchanges.  Of course, you can use foreign exchanges to swap your bitcoin for monero, then transact them to yet another exchange and so on.  But in the end, if you want to spend them, say, at Indian Airlines to buy an airline ticket, and you pay say 1.5 BTC for the ticket, Indian Airlines will report that YOU, Joe Sixpack, bought an airline ticket for 1.5 BTC.  Now, officials can go and check how many bitcoin you declared.  Maybe you declared that 3 years ago, you bought 5 BTC on an exchange.  OK.  Leaves you 3.5 officially useful BTC. 

If ever you try to pay 3 other things at Amazon India, and the total amount passes 4 BTC, then officials will (automatically) know that you were fraudulent: you've paid in total more than the 3.5 BTC you declared, with BTC.  ==> you're in trouble.
Imagine that you had obtained in fact extra BTC because you speculated on an exchange.  No problem.  You simply had to report it ; in fact, the exchange will do it for you when you withdraw coins: "Joe Sixpack has received 5 BTC from our place". 

This doesn't stop using crypto in an underground economy.  But you cannot get this crypto out of the underground circuit to use it officially.  Exactly like "dirty cash". 

==> you see the error in your reasoning: it is not because Satoshi "attempted to create" something, that the something he created, will behave the way he intended it !  Taking the desired outcome of a design as a logical consequence of the functioning of the design is a known error which happens frequently in discussions about bitcoin.


I think you're slowly getting it.  The public proofs are not to "show that the miners behave well", but only are there to prove your transaction to someone else, in order to obtain value against it (an IOU on an exchange, drugs on a dark market, whatever you want to use your transaction for).  Because if you, as a user, owning a lot of bitcoins, are not happy with the single ledger out there, and find that that single ledger is not built according to how you think it should be built, then you have only one single option: leave your bitcoin holdings for what they are, and go farming or sailing and forget bitcoin.   
Indeed, the ONLY MEANS you have to obtain value against your bitcoin holdings, of which the sole proof resides in the sole chain that is being made out there, is for that single chain out there to record your transaction, with the hope that the recipient is going to be willing to consider it as valid.  If he doesn't, you've simply lost your coins on that chain.  If you don't consider that sole chain as valid, you're foregoing your "right to spend" of your coins, because it is the only place where you can spend them.

I know that Satoshi *intended* it otherwise, but that's how the system that he designed, is designed to behave.  This is because Satoshi saw the whole network as mining or at least, as the miners embedded in a P2P network.  But if the mining nodes are not very numerous, and have a backbone connection, then the P2P filtering doesn't affect them in their building of a chain.

So essentially, if "users" on one hand, and "miners" on the other hand, are united, and miners make only one chain, and users refuse that chain, then:

1) users forego all their rights to spend, as if they didn't hold any coins
2) miners are making coins nobody will buy

I think SOME users will give in first.  Because they are more numerous (millions against 20) ; because they have individually no cost in "leaving their camp" (while miners do, especially with the very slow difficulty adaptation of bitcoin).  Users remaining united against miner consensus is a "tragedy of the commons": the user that switches behaviour WINS (can buy cheap coins from miners and can transact!).  The miner is in a Nash equilibrium with other miners, and forking off is expensive for him (his chain may not survive).

Game-theoretically it seems quite obvious that "united users" against "miners in consensus" makes the miners win.

What is tricky, for miners, is to get into this different consensus.  There, most probably, they can only do so with cartel formation, because they are in a Nash equilibrium in the current protocol.  But we are talking about the hypothetical clash between the miner protocol and the user "verification". 


No, that's not what I'm saying.  I'm saying that a dynamical system behaves the way it is observed to behave, most probably according to the emergent properties of the dynamical laws of its constituents, and NOT according to some pre-conceived ideas from how it SHOULD behave because it was the DESIRE of the founder or something.   I'm not saying that there are no true laws of gravity.  I'm saying that the laws of gravity are whatever we observe gravity to do, and even if we would think that gravity SHOULD behave differently for moral reasons, that's not necessarily going to happen.

In other words, bitcoin has dynamical rules built into it, which are game-theoretical and cryptographic/techical.  These rules will determine how bitcoin will behave ; and not some or other white paper.  That said, in as much as the author of the white paper correctly estimated the emergent properties of his design, that design will work as designed ; and in as much as he made mistakes, his opinions don't matter, but the real behaviour does.  Real behaviour which must find its explanation in the behavioural rules of each of its entities, as confronted to the "rules of engagement" (cryptographic and game-theoretical).  Whatever results from these interactions as emergent property, is what we call bitcoin's behaviour, and hence, the "valid" way in which bitcoin acts.


This is not necessarily true.  After all, are you really going to say that if miners start mining 20 MB blocks tomorrow, that nobody is going to value a bitcoin any more ?  The value of bitcoin has only to do with the belief in the value of the buyer of the coin. 
Do you think that big owners of bitcoin are going to let their stash become worthless, because some or other protocol changed ?  Of course they will try to convince greater fools to buy their coins, exactly like they are doing right now.

That said, you are right that miners will be sensitive to the valuation of their block rewards (coin value times how many of them they can obtain, fees, and block rewards). 
In fact, if they would estimate that the price of a coin would divide by 10, but they would be able to obtain 20 times more of them, that would be a smart move on their part, doubling their income.

But it would be difficult for them to make that move, because they are individually locked into a Nash equilibrium with the current protocol.  Only cartel formation would let them do so.

Well, I already wrote a few posts about how bitcoin transactions are wasting space *uselessly* and make verification *uselessly* complicated.

I will quickly indicate what is wrong if one wanted to win room, without modifying anything to the principles, apart maybe one.

A) we keep bitcoin's rules exactly as they are:
Aa) there is no need to publish the public key.   The public key can be derived from the signature and the message (ok, very few signatures could fail, in that case, one should have foreseen it, and modify the nonce of the signature, but it is one chance in 10^36 or something if I remember well).  That's 256 (and noncompressed, 512) useless bits.
Ab) the output transaction hash (256 bits) is much, much too long.   The number of the output, on 32 bits, (4 billion outputs !!) is too long too.  Note that indicating the transaction hash is not really an element of security, it is a way to help find the right output.

But this brings us to what would have been a very good rule in bitcoin:

-> don't allow address re-usage.   This could have been in the protocol !

B) if that applies, then there is not even any need to specify any output transaction hash: 256 + 32 bits won again !  Because there's only one single output in the whole block chain that has this single input address (found by the hash of the public key, found by looking at the signature).

Moreover, forcing single-address usage would improve the cryptographic security somewhat, because the public key would never be exposed before it was useless, and many other things would be better.  There would not be any notion of transaction malleability either.

So we would only need a signature as an input.  Nothing else.  No referred-to previous transaction and transaction output, nor any public key.  And the search would be easier (just a single address).

We would win more than half of the room of an input/output pair that way, if we consider compressed keys, and even almost a factor of 3 of the uncompressed case.

Yes, the white paper was still talking in terms of absolute rules (this is why I said that Satoshi did a genius invention, and didn't realize it himself), in terms of what the King decided, and had hence an undefined notion of "honest".  His "to accept alerts from the network nodes if they detect an invalid block" is actually a poor way of killing the consensus decision process by a "vote by majority of nodes" which can easily be Sybil-attacked, and which was the original reason to base consensus upon PoW and not "vote by node" !

Satoshi didn't realize that the immutability and the consensus mechanism he was thinking applied only to the HISTORY of the block chain, was also the mechanism that decided about the protocol.  He thought that he, or his heirs, would remain the central deciders concerning the "laws of the system" (the King and its aristocracy that can dictate the law, say), but that the users of the system including the miners, would be subject to a game-theoretical decentralization, which would keep them on the Nash equilibrium of the rule set the King and his aristocracy decided upon with their de facto software monopoly that contained the Law.  This is why he talked about "honest" nodes, that is to say, nodes that run correctly HIS software with HIS rule set.  So Satoshi was still thinking as himself or his heirs as the central deciders about what is valid and what is invalid, and impose it through their software.

However, the consensus mechanism (the genius invention of Satoshi) applies to EVERYTHING, not only the binary data of the block chain history, but to the protocol too, if the software becomes decentralized too and the central deciders lose their power.

But what you say is evidently not true, in the following sense: suppose that I have 10 times the hash rate of the network under my thumb without anyone knowing, and tomorrow, I fire up my hardware and I orphan the last 100 blocks and replace them by 200 empty blocks (rewinding all the transactions of today).  I can produce 200 empty blocks simply because of my hash rate.  Suppose I keep on mining these blocks for the next 10 weeks.  I will have outpaced all others.  I will have made by far the longest chain with the most PoW.  Difficulty will have gone very high.  All software that is running bitcoin, including all miner software, will mine on top of my blocks after that.  The transactions have been rewound because the only growing block chain is the one which is the "true history" by definition.  The orphaned blocks containing the "real" transactions are now considered non-existing or false blocks.



Of course, but that is exactly because there's a software monopoly (in alt coins even more than in bitcoin).  So evidently, the single software running out there cannot contradict its very own protocol, so with a software monopoly defining the protocol, this situation can of course not happen.

The whole point is that if there is a single block chain out there which has a modified protocol, and if miners all agree amongst themselves to continue mining that chain, using whatever software to do so, then that modified protocol is the true protocol of bitcoin, or of whatever you want to call the coin that goes with it.   If miners are not bound by the central software decider, they are the deciders of the consensus, not only concerning the transaction history, but also of the protocol.

The whole difficulty for miners is to come to any other agreement than the current protocol, because the current protocol is, for them, a Nash equilibrium.  If they know that all their peers are bound by the software monopolist, they can simply follow, and the software monopolist is the true central decider of bitcoin.  But if they are not certain that their peers will run all the same DEVIATION of the actual rule set, then the current status is a Nash equilibrium out of which they cannot escape, unless they collude themselves to decide upon something else.  In that case, their cartel is now the new central decider on bitcoin, because the software monopolist lost its monopoly.  

EDIT: BTW, one should make a distinction between two different notions:

a) hash rate majority
b) hash rate consensus

Hash rate majority can impose history modifications (the famous 51% attack) and protocol modifications that are soft forks onto the entire network.  A typical soft fork imposed upon the network is a blacklist of addresses.  If a majority of hash rate decides to blacklist addresses, and orphan blocks that contain those addresses, then this black list is imposed upon the whole system.

But hash rate majority cannot impose various protocol changes which are hard forks.  This leads us to:

Hash rate consensus.  Hash rate consensus is when all miners accept one-another's consensus decisions, that is when they make one single chain.  Apart from timing problems and accidental orphaning, they accept one-another's blocks and build on top of them.  This hash rate consensus is what I'm talking about when I say that it also determines protocol.

Hash rate consensus can be broken, when a certain part of the miners decide upon one protocol or history, and another part decides upon something else.  Obviously, this can not happen if there is a software monopoly !   But if there is no software monopoly, such consensus breach can happen.  If miners split in two or more groups, and only recognize their peers' blocks as consensual, we simply have a forked chain.

When there is hash rate consensus, the emerging protocol is the "valid" protocol, whatever it is.  If there is no hash rate consensus, there is a fork in the chain, and users can pick one or both of the prongs to do things with, like transact on it, or consider received transactions on it.   When there is hash rate consensus, there only being one block chain out there, there' s nothing else.