Though I love the Bitcoin protocol, and it's elegant solutions to double-spending and cheating, it still bothers me that it takes a prodigious amount of energy to
mine for new currency (something like 25 Megawatts are being consumed by miners right now). So I've been trying to think of ways to substitute a less costly process for the current hashing problems required by BitCoin.
If you think of mining as a form of lottery, each computation of a nonce hash is like buying one "ticket" - the more tickets you buy, the higher the probability of your winning the 50 BTC+ prize. Why don't we replace mining with a more DIRECT lottery?
Every 10 minutes, say, each person that wants to participate buys how every many tickets they want (using the same currency), and then the winner is chosen randomly such that your odds of winning are proportional to your ticket purchases. The winner not only receives the 50 coin bounty in the block, but also all the tickets purchased in the block.
This has the same incentives and rewards as Bitcoin, but reduces the net cost of "mining" to near zero (all the "costs" of mining are returned to the winner of the block). It's "fair" since your chance of winning is proportional to the amount of coin you risk in each auction. A simplification is to treat the amount of "tip" included in each transaction as the "ticket purchase" amount (you can enter a NULL transaction with a tip in any block when you want to mine, but not sending a real transaction).
The remaining problems to solve are:
- How to fairly decide the winner of the lottery (without relying on trusted 3rd party).
- How to decide that an accepted block is "canonical".
The first problem can be solved by hashing all the user addresses of the ticket purchases in the block, and using that as a seed to a cryptographically secure random number generator.
The second problem feels non-trivial to me and still a source of possible cheating. Any ideas?
Has this all been discussed before???