[Proof of Work]

This thread is a tribute to all the discussions that have been made regarding these two mechanisms. As a PoW enthusiast, I'd like to explain why PoS is an inferior mechanism for such protocol as it loses in both centralization and capability of producing consensus, two of which are necessary for an innovative kind of money of this character.

But, before I move onto anything, I think that it's very important to understand what's centralization. It can be described as:

The action or process of bringing activities together in one place.

As you may get, centralization is a vague term and it's nowadays misused either unwittingly or to favor benefits. One may say that Bitcoin is less centralized in contrast with an altcoin, because its hash rate is distributed more properly, but they'd also be as correct as one saying that it's less centralized, because it has a better wealth distribution (no ICOs etc.). An other may say that few pools own the majority of the hash rate and hence, it's centralized; they may disagree that centralization can be measured etc.

Therefore, we need to precise what exactly we'll call centralization. My definition goes as following:

Centralization is the situation where few people (can) have a great affectation to the final outcome of our economy.

So, the more something's centralized, the more those few can affect it. They're analogous values. These people can either be developers or regular users.


Proof of Work
How it works in theory: (With lottery tickets as metaphor)

• Everyone can generate lottery tickets.
• Scratching those requires spending of computational power.
• There's no way to know if a ticket is a winning one unless you scratch it.
• Each ticket has a rarity.
• If someone proves they scratched a ticket whose rarity was one-out-of-one-trillion, they essentially reveal that they have searched one trillion tickets on average.
• The network decides what rarity is required for a ticket to be a winning one.
• Whoever scratches such ticket gets a reward.
• The required rarity changes based on the frequency of the winners.

Proof of Stake
How it works in theory:

• Owners of the cryptocurrency lock up their funds.
• They vote by proving their financial bond with a digital signature. The greater the bond, the more the votes.
• The block with the most votes is considered the valid one.

A valid transaction is a transaction that complies with the consensus rules and has been included into a block. For example, if you try to spend a transaction output that has already been spent, then the transaction is invalid as it goes against the rules. Satoshi Nakamoto solved the double-spending problem in the following way:

• Require all the transactions to go through a ledger. Any transaction that is not written in it is ignored.
• When there are two conflicting transactions, the "correct" one is the one that was published first.
• To determine time, you need a timestamp server.
• To have a timestamp server, rely on proof of work.

That way you can ensure for the validity of the ledger, without being present all the time. Consensus takes place when the transaction ordering problem is resolved in a decentralized way. That's essentially Bitcoin. That's the Byzantine generals' concerted strategy.

Why Proof of Stake cannot produce consensus
Punishment plays a big role in this system. Our wealth is protected solely from a game theory: One or more entities are discouraged to cheat. Why that happens? Well, besides that:

The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth

There's also one thing our fellow forgot to mention (or emphasize): Energy. If one's behavior is dishonest towards the network, they're forced to pay for acquiring energy whether their attack is successful or not. They're punished outside the system.

This is not true in proof of stake and you'll understand why that's bad along the way. Nonetheless, there has to be a way to discourage cheaters, even if they're punished within the system's borders, and there is: Security deposits. Once nodes stake their money, the network can use those to punish them in case they misbehave.

While the mechanism uses the users' money to avoid double-spending it suffers from the so-called "double-signing problem". In other words, the system isn't objective in broad terms:

However, new nodes joining the network, and nodes that appear online after a very long time, would not have the consensus algorithm reliably protecting them. Fortunately, for them, the solution is simple: the first time they sign up, and every time they stay offline for a very very long time, they need only get a recent block hash from a friend, a blockchain explorer, or simply their software provider, and paste it into their blockchain client as a “checkpoint”. They will then be able to securely update their view of the current state from there.

Remember, we use consensus to ensure that a newbie who just installed a client, syncs without doubt of whether what they're receiving is valid or not. Their node demands from the rest to send blocks, it verifies the validity of every block and transaction and it'll initially reach to the last block of the chain with the most work. That's essentially the purpose of consensus; to avoid having unreliable actors.

When it comes to unreliability, our newbie is definitely safe in the PoW environment, but not in the PoS'. You see, since there's lack of objectivity, the weaknesses already seem to show up. If, say, one wanted to attack, they could gain much influence by liquidating their stake and proceeding to the abuse of their own keys. Any blocks that had been signed by them would be vulnerable and they'd have nothing to lose. That's known as "Nothing at stake problem".

PoS cryptocurrencies attempt to solve this problem by either punishing the attackers with the deposits' loss if they sign another block during a particular period of time or by ignoring a block that is signed a certain period of time later. The problem is that you can only do the latter if you were there from the start. If you had your node syncing, you'd have no way to know which of the two identical blocks is the correct one. As I've already said to have a timestamp server you need to rely on proof of work.

Why Proof of Stake centralizes the system
Because, the sources to contribute to the network aren't available outside the system. The "underpinnings" are in the stakers' fate. In proof of work, when you setup your ASICs and start mining you're, intentionally or not, subsidizing decentralization as the rest of the miners suddenly have less power. The opposite happens in proof of stake: To acquire voting power you increase their gains.


I address to PoS-ers to come to this thread and constructively argue with the above assertions or if they don't disagree, to spell out why PoW is worse. This was just my opinion; anyone's free to support the other side. I didn't type this title for no reason.

I was trying to upgrade to 22.0, but it can't run the binaries:

Code:

admin@raspibolt:/tmp/bitcoin-22.0 $ bitcoind
-bash: /usr/local/bin/bitcoind: cannot execute binary file: Exec format error

I've downloaded bitcoin-22.0-aarch64-linux-gnu.tar.gz and according to my RPi 4, I need ARMv7 binaries. Raspibolt tells me to download this as well:

Code:

# download Bitcoin Core binary
$ wget https://bitcoincore.org/bin/bitcoin-core-22.0/bitcoin-22.0-aarch64-linux-gnu.tar.gz

Any idea what's wrong? No help from Google.

I really couldn't find a more suitable title. Send me a PM if you've thought of something better.

Currently, we use public keys in compressed format. Each public key takes 33 bytes of space as it consists of the x-coordinate which is 32 bytes (256 bits) and a prefix which is 1 byte. They're included into scriptSig so the validator can check if the signature of a transaction is valid.

However, a validator can also check if the signature of a transaction is valid without having the public key in the first place, simply by deriving it, using the r, s, z values[1]. The problem is that this (extra) operation is computationally expensive and when we're talking about millions of signatures, it may make validation more tough for an ordinary computer.

My questions are these:

• Is the expense of keeping all the public keys (storage-wise) greater than if you just derived all those keys using this operation?
• If no, how do you measure the expenses of these two methodologies in such large scale?

[1] https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work

[increase]

Besides portability, divisibility, durability and easiness on verifiability, Bitcoin has a unique feature people seem to skip: Complete inelasticity of supply.

When there's rise in the demand of gold, it becomes more profitable to extract it from the ground and therefore, more gold is being mined, more gold is being added into circulation. It doesn't necessarily matter if there's a fixed amount of gold in the Earth: Changes in the demand affect the supply. Your ounces might worth more when there's rise in the demand, but this will also be true for the miners. As a consequence: They will inflate it.

Same thing happens with every asset; there's a non-zero elasticity in supply. Bitcoin is the only asset whose supply is completely insusceptible to demand. This justifies these intensive fluctuations, because of the following economic law:

• When there's increase in demand, there's also increase in equilibrium price and increase in equilibrium quantity.
• When there's increase in supply, there's decrease in equilibrium price and increase in equilibrium quantity.

• When there's decrease in demand, there's also decrease in equilibrium price and decrease in equilibrium quantity.
• When there's decrease in supply, there's increase in equilibrium price and decrease in equilibrium quantity.

Bitcoin's supply cannot be modified, so the price can be less sustained with the rise or fall of the demand.


Why did you create this thread?

1. To show that this isn't an insignificant characteristic; it's actually what makes it an even better store of value as it leaves us with one less factor that can affect it.
2. To justify bubbles at regular intervals.

[Q: Do you moderate/delete (possible) FUD, accusations and untrue information?]

Franky appears to create a lot of noise when it comes to threads regarding the Lightning Network[1][2][3]. The way this person talks is ill-intentioned and does not contribute anything to the discussion. Instead, he starts yelling and spreading lies and FUD[4][5] whenever we're talking about something that is not in his interest (such as the LN) and demands from the users to do as he says[6]. Anyone who's against his ideas is being cursed.

Countless of times his posts are getting deleted after been reported. Still, he has an account here and is allowed to act same like without any penalties. However, those who do want to constructively prove him wrong are being punished by having their posts deleted and thus discouraged to stop his future FUD.

I address to the moderating team and request a ban, whether that's temporary or permanent. I also address to those who have been part in discussions with him and are annoyed by this uncontrolled abuse of the forum's free speech as he's infringing the rules:

Q: Do you moderate/delete (possible) FUD, accusations and untrue information?
A: No. We don't have enough time to check every single piece of information and verify the validity of the sources. Also, just like scams - too much room for bias and abuse.

However, trolling isn't allowed. If a user is habitually posting obviously false nonsense ("obviously false nonsense" to an outsider, NOT to someone who follows or is involved in the discussion) just to stir up trouble, then it's considered trolling, which is prohibited. Such cases should be thoroughly documented in the report though (There are tons of reports that just say "trolling", but moderators don't have time to look through each user's post).

It's down to you to support my statement that what he does is trolling.


[1] https://bitcointalk.org/index.php?topic=5376568.msg58708356#msg58708356
[2] https://bitcointalk.org/index.php?topic=5379192.msg58877861#msg58877861
[3] https://bitcointalk.org/index.php?topic=5378173.msg58804168#msg58804168
[4] https://bitcointalk.org/index.php?topic=5379599.msg58894664#msg58894664
[5] https://bitcointalk.org/index.php?topic=5378173.msg58827879#msg58827879
[6] https://bitcointalk.org/index.php?topic=5379192.msg58878182#msg58878182

Γνωρίζετε αν είναι δυνατόν να φτιάξω χρεωστική (π.χ., Visa) δίνοντας BTC χωρίς KYC; Κάτι παρόμοιο σαν το paywithmoon αλλά για Ελλάδα.

Έχω κοιτάξει BitPay, Coinbase, crypto dot com κτλπ, όλα αυτά ζητούν προφανώς στοιχεία. Το paywithmoon όμως δεν ζητάει τίποτα, απλά στέλνεις τα χρήματα με lightning network και σου δίνει μια κάρτα έγκυρη για δύο μήνες. Ενδιαφέρομαι ιδιαίτερα να μάθω αν τέτοιες υπηρεσίες που σέβονται την ιδιωτικότητα υπάρχουν και στην Ελλάδα.

I had a power outage which shut down my RPi 4 abruptly. For the past two days I get no connections at all which has left me with an older state of the block chain. What happened and how can I fix this?

Bitcoin Core v0.21.1 with onlynet=onion, listenonion=1 and blocksonly=0. I can provide more info from the config file if it's necessary.

I was wondering if it'd be effective to enhance everyone's privacy by making the chain analysis companies' job harder. Say, for instance, to setup a bot that randomly picks funded addresses and queries them into those SPV servers.

Example:  Bob is the owner of bc1q1, bc1q2 and bc1q3. Alice is the owner of bc1q4, bc1q5, bc1q6. Charlie is the owner of bc1q7, bc1q8, bc1q9.

If they select a server, which is a spy one in this case, their addresses will be linked and they will, therefore, lose privacy. What I propose is to setup a bot that queries those addresses in a random order to make it harder for the server to recognize which address is who.

Bob's query:
Give me the balances of bc1q1, bc1q2 and bc1q3.

Bot's query:
Give me the balances of bc1q6, bc1q8, bc1q2.

etc. Can this really work in the least or there's a flaw I have not thought of?

By taking a walk in my oldest threads, I wondered what part of Bitcoin was the most difficult, for me, to grasp. I think that I'm between the “Miners have a stronger voice than the rest of the users consensus-wise” argument and the block-size debate.

Right next to those, I'll easily put Elliptic Curve Cryptography and the Lightning Network as a concept. How about you?

I recently received a message about a(nother) cryptocurrency that has implemented/will implement a new type of mechanism called “Proof of Useful Work”. The paper explains that PoUW aims to achieve usefulness during mining which can be used in artificial intelligence and in treatment of patients.

However, I can't seem understanding how can this work and because I didn't bother much, is there anyone who has heard of it and understood it so they can share their thoughts here? It sounds nice in theory, but in practice I'm sure it'll just lead to the creation of another pump & dump crypto.

First of all, I'd like to confirm that I have the correct technical background of the way NFTs work in my mind. So, let's say Alice wants to sell her digital art (image) to Bob.

1) She hashes her image and announces to everyone that this hash is owned by her.
2) Bob gives Alice an invoice which says she gives the rights of her art from her address to Bob's.
3) Once she announces it, it's Bob's. Now Bob can prove to anyone it's his art and Alice can prove it was her art before she handed it out to Bob.

In order for Bob to upload his now-owned art, he chooses as many NFT marketplaces as possible and uploads the file plus the hash. Any seller can verify it's Bob's and that he hasn't lied.

Let's see how can this work in Bitcoin:

1) Alice creates a transaction containing the hash of her image next to OP_RETURN and the state of her art. (Currently hers)
2) Bob gives Alice his address.
3) Alice creates another transaction which contains the hash of her image and a statement which reveals she wants to give the rights of her image to Bob, revoking her previous transaction rights.

Therefore, people can see where the first transaction of that art was made and follow the spent outputs to reach the current owner.

[Disclaimer]

Disclaimer:  I have no affiliation with Brandon Quittem and I wish this doesn't look like an advertisement which will bring traffic to their website.

However, I recently read an excellent writeup written by them and I wanted to share it with you, guys. Doin' my best to provide some quality content to the “unfortunate” Bitcoin Discussion. ​It starts with an acceptance; that life follows circles. That there are four generations in the so-called Saeculum (90 years) and that currently we're in the last one.

Why four? The following makes sense:

• Weak men create bad times.
• Bad times create strong men.
• Strong men create good times.
• Good times create weak men.

During this Saeculum, that started in 1946, we've passed over artists, prophets, nomads and at the moment we're at the last mood, heroes. It describes that, currently, there are and will be crisis until the end of the decade, at least. Then, as a reference to the known quote that history repeats itself, it analyzes what happened in the previous fourth turnings and how you can protect yourself with Bitcoin during this one.

Just a short summary. It's a very bullish article and I recommend its reading unreservedly: brandonquittem.com/bitcoin-rhythms-of-history

This is my bitcoin.conf:

Code:

# RaspiBolt: bitcoind configuration
# /mnt/ext/bitcoin/bitcoin.conf

# Bitcoin daemon
server=1
txindex=1

# Network
listen=1
listenonion=1
proxy=127.0.0.1:9050
onlynet=onion
#bind=127.0.0.1

# Connections
rpcuser=[USER]
rpcpassword=[PASS]
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333

As you can see I only relay through Tor. Due to the easiness Tor provides, I theoretically can contribute to the network's bandwidth by allowing incoming connections without having to port forward anything. However, I don't understand why I get 0 incoming connections.

Isn't listen=1 and listenonion=1 enough? What do I do wrong?

I was wondering, what do you think it's better for readability?

This is an example. With one space. Do you like it?

This is an example.  With two spaces.  How about that?

[node]

Due to a recent disagreement, I think it's advisable to define what's a full node.  Definitions are strict, so wherever you consider I'm wrong, correct me.

For every computer that is directly or indirectly connected to the Bitcoin network, we say that it consists a node of the network.  These nodes can either share the block chain, be servers of lightweight clients, contribute to the lightning network's capacity etc.  So, anything that sends and receives information to/from the Bitcoin network can be referred to as a node of it.

A full node is a node that forces all the consensus rules^[1].  They download every block that is sent to them and verify its validity based on these rules.

Myths about full nodes:

• They necessarily keep the whole chain.  False.  Those that discard past blocks are called pruned full nodes or pruned nodes for short.
• “Full” stands for full features.  False.  “Full” stands for full verification.
• Full pruned nodes do not contribute to the network by relaying blocks.  False.  They can advertise themselves as having the latest blocks and therefore, can help the network's bandwidth.

[1] https://en.bitcoin.it/wiki/Consensus

Πληρώνομαι από ένα signature campaign σε αυτό το φόρουμ κάθε βδομάδα. Πρέπει να φορολογηθώ για αυτό ακόμα κι αν δεν ξοδεύω τίποτα απ'ότι λαμβάνω;

Maybe a dumb question, but why should I display irreversibility as an advantage? I recently made a transaction using bitcoin and waited for long time to receive what I purchased. So long that I thought I got scammed.

How can I, as a customer, be protected my malicious sellers? I can't really use an escrow service every time, I need to ensure the seller will be discouraged to steal my money with a smarter, cheaper and more comfortable way. For instance, PayPal transactions are reversible within a time frame of 6 months. I could address them.

How can the police confirm I've got scammed and not lied? It's definitely harder than with cash if the seller knows how things work.

The sharing of a copyrighted content, such as a movie, image, book is prohibited if it's not of the artist's or author's awareness and they illegitimately purchase it or enjoy it for free. Websites of the clear net can be shut down if it's demanded by law from the contextual government.

What happens in a scenario where the sharing of the copyrighted content is censorship resistant? Where you can't stop the sharing as it happens peer-to-peer? Does that make running a node illegal? What can the author do in such cases?

I know that transactions are indissolubly connected from the coinbase reward to their yet unspent transaction outputs. Once you spend an amount, then the change can be easily traced. If you use CoinJoin, you just make the result harder to be concluded, but still; with the analysis one may do, you may get yourself traced.

What I don't understand is how can you trace a person who has mixed the coins in such way that there's no connection between their last UTXOs and the outputs they wanted to mix. It sounds impossible or realistically impractical given that there may be thousands of people who mix coins.

I read tweets about bitcoin since I follow mostly bitcoin related accounts, but I have to admit; there's a ton of BSV supporters. I mean, many, not just a bunch of bots or Craig and his BSV bitcointalk accounts. (Whose topic I still don't get why it isn't deleted)

Seriously, just search for “Craig Wright” in Twitter.

I don't understand what's the incentive of those people on continuing this propaganda. Do they really consider their arguments valid? Are they convinced that Craig is Satoshi even though there are numerous accusations that suggest otherwise? Do they get paid for doing it somehow? I haven't ever met a person who supports it in real life, but I can imagine they'll have some sort of disorder to do it.