Bitcoin Forum
June 29, 2022, 10:25:09 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 »
1  Bitcoin / Bitcoin Discussion / The paperclip maximizer. on: January 30, 2018, 05:02:38 AM
It only recently occurred to me how potentially dangerous PoW coins are.  That's of course bitcoin, but the whole lot of PoW coin have a similar danger to them.  This includes a whole lot of top-20 coins.  I've always found the waste of PoW silly, but I only recently realized how dangerous this is.  I scattered this opinion in a few other posts, but I would like to start a dedicated thread for it.

So there will be some repetition. What if bitcoin wasn't a currency or an investment tool, but rather a waste maximizer, that only USES aspects of investment, gambling, speculation and so on, in order for it to maximize waste production ?  Imagine that Satoshi was an entity that wanted to "destroy humanity by waste", but doesn't have bombs, virusses or anything else.   He would like to make a device that makes humanity self-destroy, simply with a laptop.  How could he do it ?  What if he invented a "paperclip maximizer" that turns humanity, by leveraging personal greed, into a big rat race to stop doing useful things, and turns all efforts into making waste ?  Something that will only end when there's exhaustion of resources to continue to produce useless proof of work. When humanity will have wasted all of its resources on proof of waste, and there's no more of it.

Bitcoin, being a proof-of-work engine that uses a game of speculative tokens to inspire people to waste more and more resources on doing useless calculations to make less and less of more and more expensive tokens, is right now at least consuming 2 GW (if all hashes are done with the latest antminer S9 class waste-machines). But difficulty hasn't reached equilibrium with the new prices and the new tech yet. We know that mining at this moment is hugely profitable the time it takes for difficulty to catch up with the market. There's about a factor of 5 to be won. So we can take it that bitcoin at current market cap in equilibrium wastes 10 GW and a lot of hardware. That's the power consumption of a country like Belgium. One has to admit that the machine to produce useless waste calculations has done a good job in 9 years time. It is the sole piece of free amateur software that has been able, purely by itself, to inspire people by their greed to waste 10 GW, with as sole return, the right to transact some tokens while wasting even more to a greater fool. Obviously, this thing cannot be stopped any more, as long as it can go up.

Current market cap is less than 1/200 of all of fiat if bitcoin were a currency (it isn't) ; but most importantly, it is 1/10000 of the entire speculative assets market cap in finance (estimated at about $2 quadrillion). Suppose that 1% of all speculative assets are invested in bitcoin in the longer term, or suppose that bitcoin takes a major part of the fiat market. In both of these cases we can hence expect yet another factor x100 in market cap. And hence in electricity use. At that point, bitcoin will use 1TW of electricity: 1/3 of earth's electricity production. It will then also have absorbed grossly all of hardware production on our planet. Most of our economy will be oriented towards producing proof of work: the biggest pile of useless calculations in the world, unstoppably driven by the motor of finance and greed - a decentralized, unstoppable paper clip maximizer. Once it runs out of resources to maximize proof of work, it will be done. And we, with it.

But until then, there's no stopping of it. No big capital will be able to resist. No investment can afford not to be part of it. The harder silly governments will try to stop it, the stronger it will become.

I'm very bullish on bitcoin. This thing will go up to destroy humanity entirely. Unstoppable. Everything will be converted in bitcoin mining. No other form of investment will be able to compete. This is the Armageddon machine that will make many of us rich for a very short period. And then we will find out that we can't eat Antminer hardware.

Why could the economy not continue to produce, say, Beanie Babies ?  Economically, you cannot make Beanie Babies with an expected ROI of, say, 5%, if there's an opportunity to have a return of 500% by buying a device that consumes electricity and spits out money. (as must be grossly the case right now for a short period, the time difficulty adapts and competition increases) As long as the market value of the mining rewards is way higher than the cost in electricity and hardware by a significant factor, EVERY sensible investor will only want to finance your activity if you will be using his funds for mining. Any industrial capital will leave Beanie Babies factories, but also farmers, plumbers, supermarkets, and all the rest, if there's a much higher ROI possible by buying devices that consume electricity and spit out money. Or in MAKING these devices (because of course, the high demand for these devices will make them expensive too). So any investor will turn his TV factory into a mining device factory ; any chip maker will push aside anything else but mining chips. Simply because the ROI of these things is so much higher, and so much guaranteed, than anything else, that it would be pure financial idiocy to take another decision, and defend it before share holders.

If there is a large-scale investment opportunity that brings much higher ROI than anything else in the economy, essentially all activity stops to reorient towards that activity and its supporting environment. This is what you can see on a much smaller and much more local scale in gold rushes. Everything but the bare minimum of survival is oriented towards digging gold. In NORMAL economic circumstances, such huge economic ROI are the result of a very high NEED. So it is useful to re-orient the economy towards the relief of that need. The market responds to an important need. However, in this case, the economy is making WASTE. There's simply a HUGE speculative demand for waste. No need is relieved by this economic re-orientation. Usually, these phenomena are too short to damage the world economy, because the potential gains quickly die out. But this thing has the potential to generate such a huge demand for waste, that it can turn a large fraction of our economic potential into a huge machine that makes waste. The paper clip maximizer. In our case, the proof of work maximizer.

If we are talking about "machines that consume electricity and spit out more money than they consume electricity" on a planetary scale, all economic activity will get oriented that way. One has no choice in that rat race. The rat race will end, when the ROI of bitcoin mining will fall to levels comparable to other economic activity. At the expected "end value" level of bitcoin, the only way for that ROI to fall so low, is when it consumes 1/3 of the world's electricity and most hardware. So before the whole economy will have done that, the attraction by high ROI for bitcoin mining will be irresistible for most investors. What dumb-ass is going to make Beanie Babies (or hamburgers), if he can plug in a device that makes him more money ?

One may say: there are the halvings that will save us.  The halvings make this waste maximizer seem less dangerous. But in reality, that's not what is happening. At the last halving in 2016, hash rate only blinked slightly and went up again. Note also that fees are becoming a significant part of the block reward. It is not clear whether the halving will give rise to increased speculative expectations of price rise (in which case it is even worse), or will lower difficulty.  The halvings may have in fact an amplifying effect. Historical data indicates that halvings never decrease hashrate:

https://blockchain.info/cha...

Look at it in log scale... and think that the end point is now "a small country like Denmark". Does that curve look like it will not gain another factor of 100 or so ? We did a factor of 10 in 1.5 years...

Remember that 1/3 of world's electricity consumption is for "1% of all investment". If there's an expected price rise, that might be more. This can double at the halvings.

Usually, in the free market, greed is a good thing, because it stimulates people to produce VALUE.  Bitcoin's inventor is, to my knowledge, the only guy who found a way to turn this into a stimulation to produce entirely useless waste (heat and calculation results that couldn't be less interesting).  Bitcoin is the most powerful computer in the world, to spit out the most uninteresting calculations ever, namely funny hash function pre-images.  So, was bitcoin simply a device for destruction of humanity's economy on world scale ?  We are only a factor of about 100 from global disaster at this moment.  Since mid-2016, bitcoin's hash rate increased already 10-fold.  Is another factor of 100 really excluded ?
2  Alternate cryptocurrencies / Altcoin Discussion / I don't understand the strong market correlation. on: January 17, 2018, 06:30:15 AM
It's all in the title: I don't understand the almost perfect market correlation in crypto.  That doesn't make sense.  It did make sense when crypto was bitcoin, but now that bitcoin is one third of crypto, what's the cause of this strong correlation ?  Whales are not whales in all of crypto.  If they dump, they can only dump the coins they own ; other chains shouldn't be affected.  You might think that people keep portfolio ratios, but that's in contradiction with bitcoin's market share fluctuations of the last few months.  You might think that ethereum and crypto are the only crypto/fiat gateways, but 1) that is not true (Kraken has many fiat/crypto pairs) and 2) that doesn't matter, because you can trade any crypto X for any crypto Y, using only exchange IOU of eth/btc for a few seconds, without ever transacting real bitcoins or real ether, and hence, you're only depending on the volatility during these few seconds, and you don't care anything about their absolute market position.

Crypto market is moving as one single monolithic bloc, and that simply doesn't make sense.  Any idea ?
3  Alternate cryptocurrencies / Altcoin Discussion / The crypto market becomes efficient on: January 03, 2018, 05:54:42 AM
When  we look at 2017, I think the most important happening is that bitcoin lost its monopoly.  Exactly 1 year ago, bitcoin's market share was 85%, and apart from some glitches, had never been below 80%.  Then it crashed down to 40% or so, to have a dead cat's bounce back to 65% and now we're at an all time low < 40%.  Remember, on top of this, that about 20-25% of bitcoin's coins are dead, so the real market cap is 20/25% less than that, so bitcoin's real market share is less than 30%.   This never happened before.

Nevertheless, bitcoin is still market leader.  It has been close with ethereum on June 15th, when bitcoin was only 30% higher than ethereum (if you discount the dead coins, they were really close !).  But Ethereum's market share also fell.

What is interesting to see is that "other coins" is now the second most important market share.  Bitcoin is not really losing from "number 2" all by itself (be it ETH, XRP, ...).

In all this, however, people talk about the amazing run by bitcoin.  Yes, bitcoin went up about x15 in 2017.  And alt coins went up x 150 !  The market cap of alt coins was somewhat more than 2 billion one year ago, now it is more than 300 billion.  However, even though within the alt coin market there are a few heavy weights, there's not one clearly dominating like bitcoin did.  The first place has been bitcoin since its inception, but the second place has not been so evident.  And the third place even less.

What does this mean ?  It means that the market becomes less and less evidently predictable.  7 years ago, if you wanted to invest in crypto, you bought bitcoin, period.  Now, it is not clear and it will become more and more opaque. 

My take is that bitcoin's dominance is gone for good.  This is not a glitch that will recover, and we won't see bitcoin at 80% market share any more ever.  Bitcoin is still a very big name, and it is not clear if bitcoin will lose its 1st position in 2018 or not.  But all the rest becomes much more opaque.  Nobody will be able to say who will be number 2 in 5 years from now (I wouldn't even bet on bitcoin being number 1).  The market will become efficient, and gains will not be easy any more.  What seems to be a grower today, can be a loser tomorrow.  Like in the normal stock market.

The question will be of course, what will happen psychologically to alt coins, at bitcoin's loss of position 1, if it happens.  Because then, it will be clear for everyone that crypto doesn't last for ever, which is the belief that kept it going until now.  If the original coin is not number 1 any more, and there are thousands of other coins, and just any Joe can start a coin, what's the value of such a thing in the long term ?
4  Bitcoin / Bitcoin Discussion / Bigger blocks, multiple layers, transaction scarcity and bitcoin economy. on: July 23, 2017, 11:24:30 AM
This discussion took already partly place in -ck's self-moderated thread concerning the Barry Silbert segwit2x thread, where -ck considered this off topic.

Here are the last few posts related to this:

https://bitcointalk.org/index.php?topic=1928093.msg20316377#msg20316377

and

https://bitcointalk.org/index.php?topic=1928093.msg20317250#msg20317250

Now, of course this isn't discussing *directly* the Barry Silbert agreement, but it does discuss the underlying aspects.  After all, what is "special" in the segwit2x, is the 2x, the fact that one proposes to break out of this 1 MB limit, and hence all the arguments for and against touching the block limit.

Segwit, all by itself, is:
a) an improvement on some technicalities modifying the way transactions are done in bitcoin
b) also a "trick" to keep some essential cryptographic data within a 1 MB block, while extra data of the transactions is now made available outside of that 1 MB block, but in such a way that old clients wouldn't recognize it, and hence, wouldn't complain about "too big blocks".

As "more transactions for the same network and computing infrastructure resource usage", Segwit is very similar to a modest block size increase: the TRUE burden on computing and network resources increases somewhat, and it can also allow somewhat more transactions - exactly as a block size increase would do.  The only thing that has been done, is to split the transaction data in two chunks, one that goes into an old block less than 1 MB, and the rest that goes "next to it".  If you don't want to understand the transactions in detail, you can keep only the old blocks and then you remain within the 1 MB limit.  But that's a cheap trick, nothing more.  In as much as a block size increase can be repeated, and repeated, the "segwit trick" is a single shot trick, and you cannot "segwit, and segwit more, and segwit even more" until we have 500 times more transactions in the same 1 MB block than now.

So, as a transaction-increasing "solution", this is a very small and single-shot improvement that is much more complicated, and much less flexible, than simply changing one single parameter in the bitcoin core client: the maximum block size.

However, segwit's technical modification makes it much simpler to ADD LAYERS to bitcoin, from side chains to the lightning network.

The argument goes that these extra layers will make the "scaling problem" go away.  The "scaling problem" is that the *technical burden* of resource usage for individual users contributing to the decentralization of the bitcoin system becomes too large when too many transactions are to be voted over, and that individual users will "stop running full nodes" and hence let bitcoin's consensus "centralize" in the hands of a few power users.  Indeed, if bitcoin's model were that all users were to contribute to the consensus, then bitcoin's resource usage would grow as N^2 where N is the number of users (at an average amount of transactions per user), and bitcoin's burden per user would grow with N.  At a certain N, so the story goes, users will stop contributing to the consensus, leaving the decision to bigger boys.  

==> this is the main argument for leaving the block limit in place, and be "careful" in touching it.

This argument is entirely false, for the following reasons:

1) the consensus decisions are not taken by full nodes, but by miners.   This is done on purpose in bitcoin, to avoid the easy sybil attack on "number of nodes".  Proof of wasted economic value (proof of work) is what secures bitcoin.  The amount of wasted economic value needed to secure bitcoin is many, many of magnitude larger than the technical burden to run full nodes ; hence, whenever you can contribute somewhat to the bitcoin consensus, the main part of your cost is not running a node, but wasting work.  And if you don't waste work and prove it, you have nothing to say in bitcoin's consensus, and hence, you don't contribute to the decentralization.

2) "poor Joe with his node in his basement", as a bitcoin user, has to pay for the wasted value on proof of work, like all bitcoin users.  So if he cannot afford his node, maybe he cannot afford using bitcoin all together, because he's paying, like anyone, for the proof of wasted value.

3) Bitcoin uses "remunerated hash cash" in order to stimulate decentralization.  That's something that doesn't work.  Hash cash prevented people from "pretending they are many", because when they pretended to be many, their COST (the value they needed to waste) was proportional to the number of people they pretended to be.  So at a certain point, hash cash made it too expensive to pretend to be 10 000 voters.   But of course, you totally kill that idea if you REMUNERATE people proportionally for pretending to be many voters.  In fact, whether "pretending to be many" becomes lucrative or not, depends on whether you can out-compete others in your "cost per unit of pretended voter".  And here, we get economies of scale, making this MORE LUCRATIVE for those that do MANY SYBIL attacks.    This is now even so accepted, that 5 or 6 entities can vote as if they are half the number of bitcoin users (the 5 or 6 biggest pools).  So bitcoin's remunerated hash cash leads in any case to an oligarchy of voters pretending to be most of the users: the miner pools we have seen.  That's because "remunerated hash cash" is a failed idea against sybilling.  Bitcoin has in its heart, a mechanism that "makes bigger boys emerge" in any case in the decision process.
 
But there IS a good reason to keep the number of transactions scarce !

Indeed, in the long run, all this proof of wasted value will need to be paid by the fees of people wanting to do bitcoin transactions.  As this amount of wasted value needs to be HUGE (because that is what bitcoin's protection is about: it has HUGE wasted economic value proved, and if you want to attack it, you need to prove MORE wasted economic value), the fees need to be important.  And people will only pay important fees if transactions, the cheapest possible transactions, are nevertheless scarce, so that they are expensive.

One way is keeping the blocks small.  That obviously will render transactions scarce.  But one shouldn't, then, put a second layer on top of bitcoin.  Because if one does, these transactions may become cheaper, and they will crash the market of "on chain transactions".  So off-chain transactions must ALSO be scarce and expensive, or bitcoin breaks down !

It doesn't matter whether your transactions are on chain or off chain: they must be expensive !  Because it is this price that pays for bitcoin's security, its continuous waste of economic value.  And, as I said, this price is MUCH MUCH larger than any technological cost of resource usage of block chains.  So at no point, the resource cost (of "big chains and big blocks") comes into play in this thing.

That is, by the time that blocks would become so big that they generate a significant *technical* cost (disk space and so on) as compared to the cost of proof of wasted value that needs to be paid, bitcoin would have become insecure because not enough PoW in any case.  The waste on PoW will always be orders of magnitude larger than any waste on technical resources, or bitcoin is dead.

So, yes, one has to be very careful, not with the SIZE of the block chain, but with the SCARCITY OF TRANSACTIONS.  All of them, off chain and on-chain.  Bitcoin can only keep working if transactions remain scarce and expensive.

For the moment, and still in the coming decade, bitcoin's wasted economic value is still mainly paid for with inflationary tax, so we haven't seen the difficulty yet.

Organizing the scarce transactions in several layers is hence rather useless, because even though one would win something on the side of technical costs, this doesn't contribute anything to decentralization (bitcoin is designed to centralize due to economies of scale in remunerated hash cash), and it doesn't have any significant effect on the true cost of bitcoin, which is mainly due to proof of wasted value, much larger than the technical costs.

However, organizing transactions in several layers DOES have an effect: one gets hierarchies of power, and layers of delegated trust.  In other words, exactly how the modern financial system is layered, with different layers of trust and of power.  Decentralization is already gone, cheap transactions are not possible because they need to pay for proof of wasted value as a security, and now, permissionlessness will be the next thing that fades away from bitcoin, where we get complicated layers of power where Joe needs to ask permission to layer N to participate before he can transact.  His node in his basement was going to be the least of his worries !

TL;DR

bitcoin needs scarce and expensive transactions in the long run to keep financing his "remunerated hash cash" security.  It doesn't matter in how many layers these scarce transactions are distributed: they all need to be scarce so that people pay enough fees.
The techical costs of bitcoin (disk space, network access....) are minuscule as compared to the cost of using it (because of the need of having to pay for proof of wasted value).
5  Alternate cryptocurrencies / Altcoin Discussion / wanacry road-blocked by monero mining botnet that was already in place. on: May 17, 2017, 03:27:41 PM
Haha, love this:

http://thehackernews.com/2017/05/smb-exploit-cryptocurrency-mining.html

Crypto is finally finding its way Smiley
6  Bitcoin / Bitcoin Discussion / Changing signature scheme in bitcoin. on: April 24, 2017, 06:17:01 AM
To @iamnotback (now BitNet):

I'm not going to reply again to your erroneous "rebuttals" of my arguments, but there was one point you made which is very pertinent, and where I learned something (at last) from those discussions:

The emphasis is on providing maximum protection against UTXO (unspent funds), because in the worst case scenario then at least the balances can't be stolen even though they can't also be spent. And then the technical solution is very easy. The person who wants to prove their spend transaction is the correct one and that the attacker's cracked spend is fraudulent, need only hash their public key with a choosen nonce appended H(address|nonce), then publish this to the blockchain and let it confirm before sending the spend transaction. Then include a hash of that nonce in the spend transaction. In a future block after there is confirmations of the prior published items, then publish the nonce to a block.

This, I recognise, is smart, and I didn't think of the fact that a hashed *public* key, can also serve as a (symmetric) *secret* key in a hash-based signature scheme, without any asymmetric cryptography.  

That doesn't alter much of what I said about the clumsiness of the way that most of the crypto in bitcoin is implemented, where your "rebuttals" (often mixed with insults) weren't of sufficient pertinence for me to consider that they countered much, on the contrary. I'm going to stop discussing that, because after having explained several times, in too long posts, exactly what I meant, you don't seem to put any effort in it to understand them and eventually to point out where I might make mistakes - apart from the smart point you made here above.  As I'm now convinced that psychologically you NEED Satoshi to be an evil genius, I know that there's not much rational discussion to be had further on that topic, which is a pity.  But in any case, thanks for the above point, I (finally) learned something.

As to the future of bitcoin, nobody really knows where it will go, I don't hold a very high opinion on it, and up to now - after having been seriously enthusiastic about it, nothing of significance has convinced me of the opposite, but then, prediction is difficult, especially if it concerns the future, and of course, I can be totally wrong about that.

7  Bitcoin / Bitcoin Discussion / Why ASIC BOOST is necessary. on: April 21, 2017, 07:14:14 PM
As there is visibly a strong desire to remove, censor, displace ... certain subjects on which no rational counter argument can be given, I post here again a reasoning on which I would like to have only rationally argumented answers (although, because I believe in freedom of speech, I don't self-moderate this thread, and everybody is welcome to say whatever he wants).

It is maybe interesting to outline again, as succinctly as possible, the different aspects of the PoW scheme of bitcoin.

The PoW scheme is used for 3 different things, and with ASICBOOST, 2 of them matter, and they are:

1) the competition to get block rewards
2) the cryptographic security of the block chain

(the third, deciding upon consensus, doesn't matter here)

These are two totally different aspects, which, unfortunately, have been mixed together in bitcoin (and many other crypto).

Now, what is PoW ?  It is essentially the *economic difficulty* to provide for the solution of a cryptographic puzzle, that is, to make a hash that has a given number of leading zeros.  Note that it is the *economic* difficulty that matters here, not "the number of calculations done".  The ratio between both comes from *technological and mathematical ingenuity*.

This economic difficulty makes that the competition to get block rewards goes mainly to those that have spend most in the technologically and mathematically most efficient way; and that the cryptographic security comes from the economic cost needed for an attacker to "overdo" the solved puzzles.

Of course, the higher the ratio of difficulty of puzzles solved over economic difficulty (given by the mathematical and technological ingenuity known and available to attackers), the lower the security of the PoW.  Each time an improvement is found, the PoW security is lowered (attackers can solve now, with the same economic cost, more difficult puzzles again) ; but also, each time an improvement is found, miners can apply it and up the difficulty of the puzzles that PROTECT the system.  So miners should always use the highest state-of-the-art technology and mathematics to secure the chain, or they will have higher economic costs than attackers.

==> for matters of security, there's no discussion, miners should use ASICBOOST, and all the best and most efficient technology and maths available to solve the most difficult puzzles.

However, one might think that concerning "winning the block rewards" there is an unfairness.  One should "do all the hashcash calculations without jumping any of them" or some other "fairness" concept.

Now, is the standard way of doing PoW in bitcoin adhering to that ?  The answer is no.

A full hashcash calculation consists of:

a) taking a block header of 80 bytes, and split it in a block of 64 bytes, and a remainder, that is padded in a prescribed way into  another block of 64 bytes.

b) apply a hash compression function to the first block with a standardized initial vector.

c) feed the output vector of that calculation in the hash compression function and apply it to the second block

d) take the output vector, pad it to 64 bytes, and apply once again the compression function to it.

Now, what does the STANDARD algorithm ?

it RE-USES step b) for many block headers where the first block is kept constant, and only applies steps c and d when the nonce changes, which happens to only influence the second block.

What does ASIC BOOST ?

it RE-USES part of step c), essentially the key schedule of the compression function, and re-uses also pre-calculated steps b).

So nor the standard algorithm, nor ASICBOOST do a full hash calculation of each newly tested block header.  It is just that re-using part of step c) is much smarter than only re-using step b), because in re-using step b) one cannot re-use a key schedule which is intensive.

Note that in the asicboost paper, what is normally known in block cyphers as the key schedule is called there "the expander", and what is usually known in block cyphers as the "data mixer" is called there the "compressor".

==> for matters of fairness, even the standard algorithm of bitcoin mining wasn't "doing all the hashes" already.  So being somewhat smarter and re-using somewhat more of the calculations (moreover, with a technique that is standard practice in symmetric cryptography, re-using the key schedule) is only that: being smarter in organizing one's calculations.

(the original post is now moved from bitcoin discussion to some obscure place on the forum where, I suppose, it was hoped that nobody would find it...)

The reason why I want to bring this up, is that it seems that ASIC boost is considered "cheating" or "an attack" by some, and if I try to argue with them, they censor or oppose or do other things (<-- I'm not sure yet, testing things), but never have a sensible argument.

So, why is asic boost necessary ?  Because it is public knowledge now, and if miners DON'T use it, they render the PoW scheme more vulnerable.

If anything, the biggest problem with rendering a PoW improvement both public and patented, is the best way to decrease PoW security.  So if there's any "exploit", it is by the one that tries to take a patent on it.

Indeed, imagine the day that someone takes a patent on a method that, say, increases the PoW calculation efficiency with not 20%, but a factor of 20.  At that moment, PoW security is entirely gone.  No honest miner can permit himself to use it, because of patent liabilities.  But an attacker now knows how to attack the PoW scheme (the patent renders this knowledge public).  So even though the attacker could expose himself to a patent liability, he can nevertheless execute an attack successfully with the 20 times lower security of PoW.

Imagine that ASICS were invented, but patented, and not sold to miners, but that the producer of ASICS kept them for himself, and he could stop anyone from buying them, or making other ASICS because he was holding the patent on it.   Now, wouldn't that have been quite a dangerous situation for the PoW security ?  No miner would have ASICS, and at most GPU or FPGA, but there would be a guy fabricating tons of ASICS that cannot be legally used by anyone else but him.

8  Economy / Reputation / How Lauda censors. on: April 21, 2017, 07:06:44 AM
I just got some posts deleted from Lauda in his thread, I must visibly say things on which he doesn't have any answer:

Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
What is holding back other technological countries to compete head to head with these giants? Silicon Valley?
From a technological standpoint... nothing is preventing other countries from competing...

Economically however, have you seen the costs involved in manufacturing in "First World" countries? There is a reason the majority of items you'll find in a lot of stores are all marked "Made in China" (or some other SE Asian country)...

And then there is the enormous costs involved with the production and supply of electricity... If other countries had similar manufacturing and electrical supply costs to China, you can be damn sure that there would be massive mining operations in those countries as well...

Moreover, most electricity for mining in China is probably stolen.

Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
Asic's acctually killed the entrepreneurial spirit of Bitcoin mining for me and industrialized it.

Yes, and that was being built in from the start, if you read Satoshi's early messages.  Bitcoin mining in a P2P network was only to bootstrap the system (with "useful idiots" I would say), but afterwards the idea was that one would go to a centralized mining farm network backbone, with users only having light clients connecting directly to miner nodes, not even downloading the block chain.  That, at least, was bitcoin's initial vision.  

This is why it is ridiculous to be shocked by a 20% gain in efficiency using a smarter calculation, and not be shocked by the introduction of ASICS.

Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
If the current profit margins are 1% and you covertly save 20% energy by using this patented exploit, you are looking at 19-20 times more profit than the competition. The lower the current profit margin, the higher your advantage is (percentage wise).

That's always the case with technological improvements.  The mobile phone completely killed the pager.

This is exactly how the ASIC miner killed the CPU miner.

I already outlined that asicboost is a (quite trivial) improvement of the hash calculation efficiency, in the same way that the standard algorithm is an improvement over "calculating a complete hash for every other nonce":

https://bitcointalk.org/index.php?topic=1871610.msg18655534#msg18655534

Each time an invention is made public by which the needed proof of work can be done with less (financial) effort, the security of PoW diminishes.

The security of PoW doesn't depend on the effort spent by the miner, but by the effort needed by the attacker (who can use, of course, all public knowledge to do so).

If tomorrow, I publish a technique to show how to calculate proof of work with a difficulty of 10^40 with a pocket calculator, then there's no point in asking miners not to use that technique: any attacker will.  If miners DON'T use it, they will render PoW less secure than if they use it to up the difficulty for the attacker.

I *seriously* doubt that such a trivial optimisation can be patented and that patent upheld in court, because it is the same method that all symmetric key systems routinely use: key-reusage, but in any case, the one that made PoW seriously in trouble is the one that patented that improvement: by publishing it, he made attackers aware of the possibility, and by patenting it, he refrained miners from being able to use it to counter the lowering of the security level.

Note that this kind of thing only comes about because of the fundamental idiocy of PoW as a security mechanism, where the effort of the attacker is not greater than the effort of the "good guy" (the miner).  No other cryptographic protection is so bad.

EDIT: a technical explanation of the asic boost idea is here:

https://bitcointalk.org/index.php?topic=1874983.msg18636338#msg18636338

with explanation:

You are not welcome in my threads. Do not respond anymore.

Clearly, there must be some arguments that Lauda has no way to respond to, and hence does what most sophists, when cornered, try to do: censor.

Because you can hardly say that my posts were insulting, spamming, off topic, or whatever.

There must be something in there that perturbs him/her fundamentally.

EDIT: to Lauda, note that this thread is NOT self-censored, so feel free to react.  I believe in free speech.
9  Bitcoin / Bitcoin Discussion / an explanation of asic boost on: April 18, 2017, 08:29:02 AM
There has been a lot of discussion about the "cheating" due to a "secret algorithm" that is ASIC BOOST.  I'm going to try to explain in rather simple but technical terms why "asic boost" is an almost trivial optimisation of hashcash proof of work.

First, we have to understand very well the structure of the SHA-256 hashing function, because it contains the key to understanding asic boost.  The sha-256 hashing protocol consists of two aspects:
- the overall protocol definition of how exactly a data set is cut up in pieces, and treated by a "compression function"
- the compression function itself, which is the heart of the system.  It is the subtle interplay between these two aspects, which renders the asic boost optimisation almost trivial.

The compression function of the SHA-2 family is defined in a long tradition of structures of block cyphers invented by the NSA since DES: Feistel networks.  In other words, the compression function of the SHA-2 family is not really invented to be a hash function, but is in fact a good symmetric block encryption algorithm, according to a typical structure used a lot by the NSA since 40 years.  For a hash function, there was no need to take this structure, but it can be used, although it is "overkill".  So, in order to understand this, we have to go still a step back, and understand block cyphers.

Block cyphers are algorithms that take a "block of clear data" and "a secret key", and produce a "cypher text block" of the same size as the data block.  DES, AES-256, blowfish, .... are all examples of block cyphers.   Now, the trick of these algorithms is to use the secret key to scramble the data, in such a way that we can unscramble the data again with that same key, but such that revealing the key is essentially impossible.  As such, these algorithms take two inputs: the secret key, and the clear data, and produce the cypher data.

This is done by processing the clear data in several "rounds of scrambling" in a pipeline ; and each round is fed with a "piece of key".  However, in order not to reveal the secret key, the original secret key goes through a "self-scrambling" procedure out of which come "round keys", one for each of the rounds in the data scrambling procedure.

Note that the "round keys" ONLY depend upon the secret key, but that the data scrambling will depend both on the data to be cyphered, and on the round keys, so on the secret key.  Usually, deriving the key rounds is "heavy" because you're supposed to do this only once, while you have to crunch a lot of different data with the same key (and hence the same round keys).

==> this will be the key insight of ASIC BOOST: the round keys only depend on the key, not on the data, while the data output depends on both.

cypher text (256 bits)  = f(key (512 bits), clear text (256 bits) )

Now, when using a block cypher type of algorithm in a hash function, the roles of "data" and "key" are inverted.  Indeed, in a cypher function,  clear data and the cypher data are of same length, and the key can be longer or shorter (usually longer: in AES-256, the key length is 256 bits, and the data blocks are 128 bits for instance).  When using this as a hash primitive compression function, one takes what used to be the "data" as the hash input and output, and what used to be the secret key is now the to be hashed data.

Now, this is funny: it means that the output hash with SAME DATA (same "secret key") and DIFFERENT INPUT HASHES can be calculated more efficiently (we only have to re-do the hash rounds, but we can keep the "key schedule" which is dependent on the data), than if we have the same hash input and different data.  

==> this is the "trivial" insight of asic boost.

Let us now look at how the overall protocol works in SHA-256.

1) we cut the data in blocks of 512 bits (64 bytes).

2) we pad the last block to make it full 64 bytes, including a word that tells us how many bytes we included in total.

Call these blocks D1, D2, .... Dn

Note that for a bitcoin block header, which is 80 bytes, this corresponds to two blocks: D1, and D2, where D2 is padded in always the same way (containing a tail that tells us that we used 80 bytes).  

3) make a construction so that:

H_i = f(key = D_i , "data" = H_i-1 )

with H_0 a fixed set of 256 bits: "5be0cd19 1f83d9ab 9b05688c 510e527f a54ff53a 3c6ef372 bb67ae85 6a09e667" called IV.

this initial hash value is part of the SHA-256 protocol.

The last H_i value is the final hash of the whole data set.

Now, in our case, we have only two steps:

H1 = f(D1 , IV)

H2 = f(D2, H1)

The "standard" way to calculate the hash, is to run over the nonce in D2.  But this means that each time, we have to REDO the key schedule of D2, and the fact that H1 is the same doesn't help us, because its treatment depends on the key schedule of D2.  The opposite, however, does, and that's the idea of asic boost.

The ASIC boost insight is that if we loop over D1, and we can keep D2 constant, the key schedule from D2 can be RE-USED with changing H1, just like in a block cypher application, the key schedule is re-used when one uses the block cypher over many blocks of a data file to be encrypted: the SAME key schedule is then introduced in the rounds that successively applied to H1, result in H2.

That's all there is to it: keeping the key schedule in the second invocation of the compression function, by keeping D2 constant.  There's no point in keeping D1 constant, because the constant H1 doesn't help us when D2 changes: the round keys are different and hence the whole computation of H1 into H2 has to be redone.

In fact, what ASIC boost simply does, is something akin to:

If you have to encrypt different data with the same key (here, the same D2), you can re-use the key schedule.  If you have to encrypt the same data with different secret keys (the standard way of doing things), then you cannot re-use anything.

In bitcoin's hashcash, this last H2 output still has to be re-hashed again once more, but this is an independent invocation of SHA-256, which in any case has to be done.

We get: D3 as H2 sufficiently padded to turn the 32 bytes of H2 into a 64 byte block, and then: H3 = f(D3,IV).

I'm surprised about 2 things:

1) that this rather obvious scheme wasn't thought off before
2) that the "re-use of the key schedule" as is normally always done in the application of block cyphers, is patentable.

10  Bitcoin / Bitcoin Discussion / The need for transaction scarcity (and why coindesk censors). on: March 21, 2017, 05:05:57 AM
Ha, coindesk has censored again one of my contributions.  You'll see why:

There are structural problems built into bitcoin from the beginning, and its biggest problem is what has often been hailed as its great virtues: the limited number of coins that will be in circulation when the Sun becomes a Red Giant, and the proof of work scheme that needs the biggest computing effort in history to make a cryptographically secure ledger.
This gigantic computing effort, needed to secure the ledger of all transactions ever, must be financed by something, and that is not a small amount. We are talking about about half a billion dollars a year to keep bitcoin's cryptography up and running. The early years of bitcoin, this has been financed essentially by inflation: the bloc rewards. It is still largely financed by inflation, but since the last bloc halving, fees have become a significant contribution to the financing of security by proof of work of the ledger.
The block halvings are needed to obtain a finite amount of bitcoin when the Sun will swallow the earth ; and to finance the huge computational effort to secure the ledger with proof of work, something else has to pay for it: the scarcity of transactions. If one finds "a solution" to the scarcity of transactions (be it large blocks, or off-chain transactions), bitcoin's economical model crumbles, because there is no scarcity any more that will pay for the huge proof of work.

Because the (poor) cryptographic security of proof of work is simply that it is too expensive to break it. So bitcoin's security is tied to wasting a lot of value. That value has to come from something. As the inflation tax is shrinking, only transaction scarcity can take over. Hence, transactions must remain scarce and expensive, or bitcoin becomes insecure.
And hence, there shouldn't come a "solution" to the problem of transaction scarcity.
11  Alternate cryptocurrencies / Altcoin Discussion / ZCASH trusted setup "failed" ? on: November 14, 2016, 02:47:01 PM
There's a long article on coindesk about the trusted setup of ZCASH.

Now, given that the *apparent* market cap of ZCASH is actually falling, is this an indication that the "golden key" is printing coins ?

After all, we expect the price to fall because more coins are mined, but that's because we divide the market cap by more and more coins to have the coin price.  But imagine that there are more coins than officially known ?  The calculated market cap would then decrease even if the actual market cap (with a lot of golden key coins) were rising, because one would only multiply the price with a part of the amount of circulating coins...
12  Alternate cryptocurrencies / Altcoin Discussion / What fraction of ZCASH are now anonymous notes ? on: November 01, 2016, 05:32:28 AM
I have the impression, looking at the chain explorer, that ZCASH is not being used as an anonymous coin.  Most transactions if not all are "standard bitcoin style" transactions, with open sender and receiver, and amount.

Suppose that I want to use ZCASH to be anonymous, am I then the only member of the "perfect" anonymity set of ZCASH ?

How to find out somewhere how much of ZCASH is in notes ?
13  Bitcoin / Bitcoin Discussion / How much would it cost to make a totally new bitcoin block chain ? on: October 13, 2016, 03:49:27 AM
Gedanken experiment: suppose a mighty organisation wants to take over bitcoin for whatever reason that is not financial.  They want to do this in the most brutal way one can think off: make an entirely new block chain, starting with Satoshi's genesis block as it is, and distributing it, so that it will be the accepted block chain by all nodes: in other words, it should be of similar block height, and include some more PoW than the actual, current block chain.

They give themselves a year to pull off the feat.

How much $$ do they need to do so grossly ?

My rough guess is that it will be somewhat in the ballpark of the current market cap of bitcoin, but it could be in fact about 7 times higher too.

Essentially, they would need to buy/construct A LOT of hardware, and use A LOT of power to re-calculate a new chain.  In what ballpark would the price of such an act range ?

Again, note that although they would, at that point, own all of bitcoin (all the addresses they would generate would be theirs of course), this would probably kill bitcoin.  Their aim wouldn't be to make financial win, but another political goal, whatever it is (for instance, destroy bitcoin).  How much do they need if they give themselves about one year to do so ?
14  Alternate cryptocurrencies / Speculation (Altcoins) / ETH + ETC price on: August 16, 2016, 01:00:37 PM
Let us, for the record, note the ETH + ETC price (in $) on regular intervals, to see a trend (I'm not aware of anything available like that).  Even if there is a swing between ETH and ETC, the sum should give an idea in the overall interest in ethereum in general.

Today: ETC 1.81 ; ETH 11.05, sum: 12.86
15  Economy / Economics / Coindesk sensored ? on: July 07, 2016, 05:21:23 AM
I noticed something on coindesk.  When I add a comment to an article, sometimes it becomes "pending".  It seems related to the content of what I write, and not to the length, the number or whatever of the comments.

Recently, I tried to add a comment saying that the halving of bitcoin, resulting in 1800 coins less a day, should be compared to the daily traded volume (and hence is tiny as an effect).  Each contribution mentioning that is pending.  Other contributions of mine on the same article aren't pending.  I had a few "long" ones, and also a few one-liners.

Is there a sensorship on coindesk ? 

This has happened before too on other subjects.  It seems content-related.  Some comments simply don't seem to make it (or only days later, when the readership of the article has diminished).
16  Economy / Speculation / 5 november rally and US Marshalls sale. on: November 09, 2015, 08:27:34 AM
There can be coincidences in life, but this one is too big, no ?

How come that the bitcoin price, after a large period of stability, starts rising around the day of announcement of the auction, peaks exactly at the day of bidding, and drops afterwards ?  Who's the winner here ?  USMS, no ?  But in order for this price rise to be done since beginning of October, a steady manipulation is needed.   The idea of a sale cannot induce the market in increasing the price: indeed, the sale will increase offer.  If there were any anticipated effect of "greater visibility to bitcoin" or the like, there's no reason why it would crash after the sale - on the contrary.
The bidders themselves have not the slightest interest to have a high bitcoin price exactly on the day of bidding.
This only makes sense if we believe that part of the US government is manipulating bitcoin itself.

Normally I'm not in such "conspiracy stuff" but this is too overtly obvious.  Unless we have to go to a higher-order interpretation, and think of who wants us to think that the US governement is manipulating bitcoin.  Banks, maybe ?

17  Bitcoin / Bitcoin Discussion / Attack: if I change the genesis block. on: March 13, 2015, 01:35:50 PM
I have a question which is probably naive, but I was wondering:

suppose I change the genesis block of the bitcoin block chain, and, very important, I change the time stamp of the genesis block to, say, January 15th 2007.

I now calculate an entirely new block chain from there on, in which i can include all or some of the transactions of the current block chain, but I put time stamps on the blocks so that they are slightly more separated in time than in the original chain.  As such, the difficulty will remain very low, and I can easily calculate such a chain on my PC.
I could include many more blocks on the new chain, than on the original chain, because I have 2 years more "block chain time" to fill up until now.  As long as I separate all the blocks by somewhat more than 10 minutes time stamps, the difficulty will essentially remain 1, and I can very easily mine all the blocks on my PC.  Now, in order to respect most transactions, I would have to use the same addresses of most of the block rewards, but some, I could change and assign them to me.  For instance, I could assign all the Satoshi rewards of the first thousands of blocks to addresses I own, because they have never been spend.

If I catch up to today, with most transactions included, but many more blocks, and I broadcast this new chain, would it replace the old chain (because the one I broadcast is much longer) ?  Of course, lots of strange things would happen, such as the difficulty falling essentially to 1 or so. But strictly speaking, would the bitcoin core accept this new chain over the former one because it respects all the rules ?  Or does the bitcoin core check on the genesis block ?

18  Bitcoin / Project Development / any use for a key generator based upon analogue electronic noise ? on: March 01, 2015, 02:10:13 PM
Hello,

I'm wondering if a small development in electronics would be worth-while:
taking thermal noise from a resistor, amplify and digitize it, and turn it into a random number generator, a key generator or something similar ?
I would propose a small module based upon a USB link.  The important thing is that the electronics would be open and evident (no hidden FPGA program or so, just standard non-programmable electronics) and open source software reading the thing so that it is clear that no tricks are used for faking random numbers.

Would there be a market for such a product ?  That is, would it be worth-while to develop such a thing ?

19  Economy / Speculation / actual bitcoin fundamentals and market cap. on: November 24, 2014, 05:06:44 PM
The article here:
http://www.coindesk.com/analysis-around-70-bitcoins-dormant-least-six-months/

indicates that the actual velocity of bitcoin is very small, and that a large part of bitcoin is not participating in any liquidity on the scale of less than 6 months.  Moreover, 4-fold merchant adoption hasn't given any rise in liquidity.

Now, to me that is somewhat alarming for the near future of bitcoin, in the following sense: the "market cap" we are talking about is in reality much smaller, as it only applies to the liquid coins.  The actual market cap of bitcoin is hence rather something of 500 million or 1 billion rather than the announced 5 billion, and most of that is even speculative.  That means that the effective inflation rate of bitcoin is huge: the 10% mining is on the total amount, but reduced to the 30% or so that are liquid, we have a currency with a 40% inflation rate until the end of 2016, and most of that is not even for merchant purposes.

This is hard to keep up, in my opinion.  If the whole of the coins were to become liquid for the same market cap (that is, if the velocity of bitcoin would start to look as the velocity of most money), then the price can only go down by something like a factor of 3.  That will of course not happen unless some panic breaks out.  But I have a hard time imagining with such a small actual velocity (and hence the potential of much higher velocity), and such a high effective inflation rate (40% on the liquid amount of coins), how the price could go up seriously in a few months. 

Moreover, a price increase may "unfreeze" a lot of the frozen coins to cut losses or to take a benefit that is not going to happen any time soon.

Merchant adoption doesn't seem to be a strong carrier of value at the moment.

So I don't see honestly how we can have high sustained prices of bitcoin in the near future with such data.

I can be wrong, of course, this is just my impression from what I see.  But I would think that even maintaining current prices are already a kind of small miracle given the situation.

That doesn't say anything about the long term, when stronger adoption can set in, but as of now, such an analysis looks to me as unescapable.  I would be happy to be proven wrong.
20  Economy / Economics / The bitcoin moon and ecology. on: November 20, 2014, 07:44:04 AM
There has been already a thread on this, but as the forum software invited me to start a new topic as the other topic was old, I did.

Let us assume that bitcoin goes to the moon and takes over essentially the whole of fiat.  The fiat market currently being worldwide estimated at (M2) about 55 trillion $ equivalent, this would bring the coin itself to a value of something like $ 2.5 million.
Let us be reasonable and put it to the $1 million equivalent.

Now, currently, the bitcoin mining inflation is 3600 coins per day, and after say, 2 halvings, it will be 900 coins a day, and let us assume that's when bitcoin takes over.

Now what does that mean ?  Mining 900 coins a day is an incentive of the equivalent of about 1 billion $ per day (of course, at that point, there aren't any $ of any worth anymore, but we're talking of the current value equivalent of 1 billion $.)

What does that imply ?  It means that the mining community has an incentive of one nuclear power plant per week !  (estimating your modern power plant at 7 billion dollars).

Let us assume that mining has another overhead of making the electronics equivalent to the power consumption, and that miners want a ROI of a factor of 2.

That means that with overhead and profit, miners are going to build a nuclear power plant every month.  

So in "full bitcoin moon", mining will represent a serious energy budget globally if it arrives too soon.  Reward halving softens the problem of course, but you see the scale of the impact on energy consumption and production.


Pages: [1] 2 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!