Blockchains are generally the wrong tools for evoting— they don't solve any of the hard problems presented by that space.  They don't provide for censorship resistance (blockchains are not jamming free networks), they are generally privacy disasters (so they certantly don't help ballot confidentiality). They are not a sibyl free issuance mechanism, so they don't prevent parties from getting an unfair share of the votes.

I think electronic voting systems are exciting and interesting, but if you're using technology from Bitcoin to implement these systems you are likely using the wrong tools and will build something which lets people down.

Thats only a restriction in popular software, it's not a fundamental technical limitation.

I haven't deleted anything here. Nor did I see any post of yours saying anything like I said, instead you appeared to be loudly claming that something was wrong with eligius, you went as far to imply that something was being hidden ("Makes me wonder why he won't explain it. As should anyone who uses this pool...")

You mean the protocol every pool uses? There is basically no GBT hashrate on eligius, as is my understanding— not that there is actually any latency difference.

I'm afraid you don't understand how block timestamps work. It's possible to find a block 100ms after the prior block and yet have a timestamp a minute later (or a minute before, for that matter), times are not synchronous between miners.

And yet you can look at the actual observed blocks and Eligius is underrepresented in empty blocks relative to hashrate.

What the fuck are you talking about here?  That kind of allegations demands some links.

I linked the actual blocks, so you can see exactly where empty blocks have been produced.

Of course it can. Shit, even getwork can do that.

This is the reasonable, well known, and expected behavior and not something to be concerned about.

Standard behavior for pool software is when a new block is accepted to immediately generate new work before the new transaction list is computed and then long poll again later to update. It can take bitcoind several hundred milliseconds to generate an actual block with content, especially if the mempool is large, and otherwise in that time you'd be twiddling your thumbs doing nothing or uselessly working on an old block. As a result, all miners will produce an empty block here and there, even when there is a backlog (E.g. for a 1 second dwell time it would be 0.16% of blocks).

In the last 1000 block there were 9 empty blocks, that rate suggests an aggregate dwell time of about 5 seconds. According to bc.i they were created by Discus Fish, Slush, Discus Fish, Discus Fish, Discus Fish, Eligius, KnC, Eligius, and Discus Fish.  Perhaps one pool's over-representation there suggests their long-polling behavior could use some tuning, but it isn't Eligius…

The obvious optimizations like precomputing the next block don't work, because someone else will usually have produced this one, and your 'next' will likely conflict with it... though it would be possible to do something like a 'fast tx list now!' that only guarantees validity, and perhaps makes idiotic choices wrt priority/fees.

Fortunately the timing of blocks are independent, e.g. that someone found a block 10 seconds after the last with nothing in it doesn't actually delay the finding of the next block with something in it.

How long are you talking about? for me it takes about 15 seconds cold-cache.  Some systems with broken IDE controllers or crazy AV can take many minutes, but thats not Bitcoin's fault. There may be other system specific cases which could be improved.

(If you're just talking about the 15 seconds— it's as folks said here... it does some validation at startup to make sure the data isn't corrupted, otherwise you could end up on a fork during runtime if the data was corrupted.  Litecoin is additionally slow because its POW is very slow to verify.)

Then please don't post in this subforum if you're not interested in Bitcoin. My tolerance for seeming market manipulation is pretty low today, and spreading FUD about issues that don't exist and then professing ignorance is not my idea of a useful contribution to the discussion.

Someone was asking for a definition of a term, thats all.
There are no problems occurring right now in the Bitcoin network.

[Edit: I'm locking this thread because the question has been answered and its gathering offtopic posts. If the original author has any more questions let me know and I'll unlock!]

Well, technically the network could prohibit it. E.g. Bytecoin (and its forks) prohibit a single public key from ever being spent from more than once. Zerocash will also require such a restriction.

Such a change is merely a soft-forking change, it only restricts the set of valid behaviors.

Right, it requires an an unprunable data structure that will grow forever.  However, you could make it lossy with most of the same privacy effect, e.g. you can't use an address used anywhere in the last 2016 blocks. This isn't an option in bytecoin, since it needs the non-reuse invariant to prevent double-spends.

hah well if this was your motivation then I guess you couldn't deploy that as a soft fork.

But you're wrong there wrt pools, it would be very easy for pools to switch to paying BIP32 chains or ECDH addresses— and they should, for privacy reasons.  Eligius' prior operator (Luke) wanted to do this, but the new management is less interested in doing things which are of long-term benefit.

For a little while Eligius was generally deprioritizing recent-address-reusing payments in their block selection as a way to discourage reuse generally and to also give more fair access to the blockchain. I'm not sure if they're still doing that.

Or that.

Welp, P2Pool exists, and could use some more love and attention.

The cryptosystem useful for a lot more than cryptocurrencies too.

I'm working on a very fun application of it right now... Will post when I have usable tools.

Thats above my paygrade other than to observe that it seems all sad and weird to me. (It's hard for me to tell what strange game of chess people are playing here, perhaps extra hard because I don't care about any of it— as mentioned I think introducing alt-currencies is a dead end route).  I mean, I could make guesses,... but it would just be guesses, my spider sense which usually protects me from weird situations certantly goes off around that stuff. Then again, I may just be miscalibrated relative to the baseline level of scum and villainy expected in the altcoin space.

Hm. My disapproval of address reuse in Bitcoin land caused me to pull the tip address from my sig— I only have a bitcoin address on my profile at all for mod payments, and I rotate that manually every time it gets paid.  ... but since all BCN/MRO/etc. addresses are ECDH negotiated, my issue there is resolved hurray!

Sure, but when we're talking about change happening over a single month?  Basically I see the idea that fixing the initial burst improves equality between the early miners, the economic effects take place on a larger time scale.

Basically I think you want the distribution itself to be locally fair while larger economic forces make things globally fair. Trade can't equalize an advantage that happens on the timescale of days or weeks very much. No programmed mining distribution system can achieve fairness over the span of years. Hopefully the two combine well enough to remove enough unfairness that we can look the other way long enough to enjoy the non-zero-sum benefit of a useful system.

I'm not trying to be sanctimonious... but rather I have a _lot_ of respect for the really clever cryptosystem used in Bytecoin. It's one of the most interesting cryptographic techniques _actually deployed_ that I've since basically bitcoin itself (there are a lot of other neat ideas, few have made it to actual use).  If this were tech that worked in Bitcoin it would have won pretty much the entirety of the coinjoin bounty hands down by my opinion.   So I don't mean to dismiss the work that has been done in the forks, but it is really not on the same level as the actual invention here in my opinion (esp since bytecoin is not a fork of Bitcoin).  Maybe in a couple years my opinion will be different.   My view is also colored by my own position as a developer who took up the maintenance of Bitcoin after its author left, e.g. I'm inclined to discount the value of contributions similar to my own.

Funny, I think lockup is exactly the opposite of what you want.  Part of what makes me generally think the situation is complex is that coins that change hands spread the appreciation around.

I'm not sure that lockup/vesting can ever really be made to really work. You can always sell your interest even if the system won't let you actually transfer it. I can sell you the private key(s), under the protection of traditional contract law and the courts that to convince you that I didn't keep a copy.  Failing that, I can also put we can some Bitcoin in an escrow to secure the deal. etc... all undetectable to the outside world.

In the case of bytecoin it just seems weird. Some day we'll discover that the code was really being written by a single brilliant grad student under contract and one day he suffered a freak brain aneurism and died. Left with no one to continue the development and without the technical chops to even evaluate new developers and concerns about the ramifications of releasing a cryptographically anonymous cryptocurrency the people funding him open sourced the works so far and hoped for the best.

I mean really, am I missing something subtle here? it's pretty hard to pull anything over on anyone. I'm not sure what we're supposed to be tricked into thinking here. It doesn't strike me as fraudulent as much as it does just weird and poorly done.  Likewise, the software is very raw, some elements of the design seem pretty poorly considered, maybe not absolutely bad but relative to the quality of the rest.  Maybe I'm a little spoiled by Bitcoin.

Well, for example, say you have a 100% "premine" coin, but most of it gets sold for a grand total of a few bitcoins.. and then sold again and again, gradually gaining value.  Sure the person upfront at an "unfair" advantage but who cares if it was just to the tune of a couple of bitcoins? — and if they put in the work to really create something original and innovative it's well earned.

Something doesn't gain real sticky value except with trade, you can't premine 100% and then expect it to be magically valuable.  So asking if something is fair or not is more complicated than asking just about how much was premined or how fast the early release was. For all we know huge chunks of that large early mining may show up as donations and bounties driving innovation in the ecosystem and between that and the speculative trading of zillions of worthless coins ultimately resulting in a more equitable distribution than even the best tuned mining lottery would give. (Sadly, the forking diminishes the marginal return of this kind of activity, since ecosystem developments will also benefit the forks, making perhaps more rational to sit back and hope the forks fund that work instead).

It isn't immediately obvious to me that some of the BCN forks are inherently more fair, they may well be, but a lot of that depends on how the overall economy plays out.  Right now, however, the differential profit to me mining bcn today vs four weeks ago is far far smaller than for say monero.  One complicating bit is that the privacy of the system doesn't even let reliably you know if coins being moved are recently created coins churning or if its old coins moving.  

Basically the mining lottery is only one element to fair distribution and its inherently limited because it is biased towards experienced altcoin early miners, computation thieves, etc. in an active economy trade tends to spread out the profits from asset appreciation, and other things like donations and bounties stemming from concentrations of wealth can further the process.  Right now the forks argument is that the mining is more fair, but even more fair is pretty substantially unfair. How it all plays out is anyones guess, I think.

Feel free to seek my input— I can't resist running my mouth even if I think the whole enterprise is ill-advised— you might be able to extract something useful.

I did call it sketchy for a reason.   But at the same time I think it's reasonable and proper that the creators of the system actually do profit from it some (at least if anyone is!) one problem with cryptocurrency launches seems to be that as soon as you launch it people with botnets and other stolen resources immediately begin mining the hell out of it— and if there is an explicit 'premine' people fork and yank it out.  I do not begrudge the creators of a system feeling they're owed _some_ payoff, the question is how to get it in a way that is actually _viable_ even before you ask for fairness.

One of the criteria that I think is a requirement for an acceptable POW function is that it be largely "optimization free"— that is that the public implementation(s) are as close to the best implementations possible. Without being confident this criteria is met an attacker can gain an advantage. From that perspective its important that the released one be good.  OTOH, you're simply not entitled to demand people give away the software they wrote for themselves especially when they're already giving you so much.  Keeping some better mining code for yourself for a little while is crappy but it might be one of the more ethical viable ways to ensure compensation.  I think, for example, that it's more ethical than encouraging unsophisticated investors to "buy in" to something that exists only as a white paper and maybe a couple tech demos— a technique used by some altcoin proposals as of late.

Being able to fund infrastructure development in this space is still an open question. I think the general model of using altcoin launches to do this is not sustainable (for one, more currencies just dillutes network effect, hurting everyone— and too much of the value goes out to lucky speculators instead of the people creating the technology... plus the supply of hopeful suckers will eventually dry up). So I'm willing to have an open mind about different approaches people used, even though I'm personally a bit uncomfortable with anything that could be seen as compromising the integrity of the software. My tolerance for approaches is weighed by how interesting the tech is. I give bytecoin more slack than I'd give most altcoins because it has actually done some very innovative things, and it's not just a white paper but a usable system released as MIT licensed code, not hype.  Relatively speaking no matter how unfair BCN's initial distribution might turn out to be once the economy takes effect, I think it's inherently more fair than the many coins that never deliver anything interesting while sucking a lot of coins out of people on the basis of a bunch of promises. Bytecoin added value to the world, maybe some of the forks will add value by improving on the flaws in bytecoin's relesase— I thank that remains to be seen. If everyone benefits then I think splitting too many hairs about some people benefiting a bit more than some others may be short sighted, but it does depend on how the economy plays out.

Well that wasn't directed at you. Ignore my whining if you like.  I'm just sad to see how short sighted people are sometimes, it isn't everyone. I'll probably show in the Monero thread once I've successfully mined a block there, hard to use it until I have some to play with.

Hm? No I'm not. I've mined exactly one bytecoin block, last weekend— as part of fooling around with it, and I've used that to make some transactions and try it out. I'm also not especially equipped for cpu mining any more, and as you may note I basically don't do anything with altcoins (except sometimes point out their technical mistakes).  I wasn't aware of bytecoin until Adam Back mentioned it (well I _heard_ about it but thought people were talking about the crappy bitcoin clone).  If I'd been involved earlier perhaps there would be fewer really awful design flaws (including the way it appears to have been launched, which I agree is screwed up). Where my opinion differs is that I think its foolish in the abstract to create separate currencies for things which are just more transaction features (which doesn't mean I may not use them, but I do not consider them virtuous). I also think some of the forks (and perhaps all of them so far) have been launched in ways which are only minimally better and also created a huge advantage for their early participants.  While I think what BCN has done is a bit crazy, relative to the forks I do think it at least has the moral high-ground of having at least been the original authors— to the extent that anyone ought to get a windfall it ought to be them.  The lack of good initial calibration is even less excusable for the forks since they knew going in what the demand would be.

(were I ever to launch some altcoin— among many other things— I'd figure out a reasonable target for what the difficulty will be once it has basic adoption, and when the difficulty is below that level I'd have it scale the subsidy that each block takes by the difficulty so that the very earliest miners wouldn't get a windfall— effectively the income per hash would be ~constant until the hashrate got above some threshold. I'd also never create something with such a costly to validate POW, or set things up so that sketchy deoptimizations games were needed.)

The cause for my interest in this technology is pretty well established, https://bitcointalk.org/index.php?topic=279249.0  https://bitcointalk.org/index.php?topic=321228.0  https://bitcointalk.org/index.php?topic=277389.0 https://bitcointalk.org/index.php?topic=398041.0 etc.  I've been developing cryptocurrency tech for personal and philosophical reasons for eons (in cryptocurrency time) and perhaps you're too busy with sleezy speculative activities to notice that there are some other people who are involved for reasons which are unrelated to making a quick buck.  There are more things in heaven and earth than are dreampt of in your philosophy.

(As an aside— you probably should be pretty happy that I went and pointed out this tech in discussions about ZeroCash, regardless of which forks you support I'm sure you benefited from it whereas I did not (in fact, I've not even managed to get any real thoughtful tech discussions out of it— few to none of the people posting here seem to actually understand the tech, and instead everyone is just flinging poo about their favorite forks).  Perhaps in the future I should not forget to add the caveat that while the tech is neat and deserves more attention, like most altcoins the community is full of speculators who actively repel technical folks with wild accusations stemming from an apparent inability to understand that not everyone is so desperately greedy...  It's doubly hilarious, in that it's so thoroughly counter productive— I don't approve of the pump behavior and won't try to encourage it, but I certantly could bring a huge amount of attention to this space by pointing how how powerful the technology is to people— but I'm certantly less inclined to do so when simply speaking my mined gets me accused of being one of y'all coin pumpers even by the selfsame folks who would benefit from it.. I mean, wtf are you thinking? Were you raised by wolves?)

Yea, well the darkcoin thing was pretty offensive to me in general, I feel that it commercially exploited my work promoting coinjoin— itself not so bad, but it was frustrating that it was also stupid: the attraction of coinjoin— for all its limitations— is that you don't need a new coin, it's already just part of Bitcoin.  I've been continually disappointed by the level of hype around Zero*, especially when it comes at the expense of attention to other techniques which are very interesting themselves.

Now now, people in glass houses shouldn't throw stones.  What is the marginal return of one CPU hour mining on your favorite fork just a few weeks after it started?   Bitcoin's difficulty hasn't ever grown faster than doubling in a month or so, it's never been a gigantic bonza where someone a few weeks before you was getting 100x more.   It wasn't launched with a difficulty thousands of times below what the surrounding network could support (quite the opposite: the bitcoin network wasn't fast enough to justify the minimum difficulty in the first year).

It's pretty easy to create an fork that while announced is still a huge windfall for the initial people on it. Perhaps less of a windfall is better, but at least— as far as we known with Bytecoin the receivers of the windfall are the people who wrote the software, enabling everyone else (including the fork to use it).

This is part of the reasons for decisions are somewhat unstable. Anyone can create a fork, why is one more righteous than another? Especially when all you a generally similar launch approach which rewards the people in the first _days_ much more than those who came later...  It's not clear how one can fairly launch a scarce asset cryptocoin today now that people know and expect them to be valuable (even moreso than they actually are, often).

For silicon fabricated on modern process (e.g. 45nm or better) the power costs typically exceed the marginal manufacturing costs within a few weeks of operation. In long running computations the hardware costs are amortized. Making changes which _decrease_ the power density of the algorithm may have the opposite of the intended effect.  The end result may be a greater operating cost advantage when hardware does exist applied on top of a monopoly created by the increased NRE for the more complex part.

Yes, and quite likely thoroughly ruin approximation freeness along the way, without at all precluding substantial speedups from specialized hardware even ignoring the approximations. Keep in mind that mining is perfect competition, a mere factor of 2 advantage can easily drive everyone else out of business... and simply eliminating unnecessary IO and support electronics can result in gains larger than that.

The authors of litecoin (and tenebrix) made an identical claim and they had more peer review to back their claims and it turned out to be substantially untrue.  They've also found their POW's verification slowness to be problematic, and yet it verifies orders of magnitude faster than the cryptonight function.

I think forcing people to use distinct ephemeral keys is a very poor design.

In the limit it doubles output sizes— and even on single output transactions it doubles the size since you would immediately need to include two just to make the change output indistinguishable, it would greatly expand the problematic side-channel bandwidth for non-bitcoin information which is intentionally limited in the current network behavior, and it makes the scanner's computation scale with the number of outputs instead of the number of transactions.

Bitcoin was designed generally assuming addresses would never be reused. A number of the assumptions in the design are broken by reuse— but users are ignorant and lazy and now adays reuse addresses frequently. The reference software does it right generally, so you don't see so much reuse earlier in Bitcoin's history.

Yes, I am aware this is the claimed goal. This was also the claimed goal for litecoin— and unlike the cryptonote paper litecoin used a publicly known, peer reviewed algorithm. Litecoin failed in this goal because it is simply not really possible to achieve. You should go read the nice writeup I linked to.   The cryptonight stuff is _less_ well reviewed and justified than the approach taken in litecoin.  It's also insanely slow to verify, which is debilitating to many applications (including just syncing up a node).

Certainly, as you say, you can increase the upfront costs... and that might delay things a bit while the cryptocurrency is worthless. But higher upfront costs will almost guarantee a monopoly to someone who does go and create something (and, in fact, cpu only right now basically means an intel and amd duopoly— you realize that the marginal cost of a chip to someone with the right contracts with Intel is a tiny fraction of the retail price, right?), less competition in the hardware space is a risk, not an advantage. And, of course, litecoin asics have higher NRE and so there is less competition in that space. Making that worse seems unlikely to be an advantage.

Thats also how litecoin was initially advertised— "cpu only".  Oops.  See also:  https://download.wpsoftware.net/bitcoin/asic-faq.pdf

And besides, it doesn't have to have fancy hardware for it to be totally out of the hands of normal people— "cpu only" also seems to translate into botnet-herder-mostly. It's pretty easy for a "CPU mined" system to only be economically mine-able by resource thieves.

It was a signature in their original code. Whats is it a hash over now?

"KGW" is just an EWMA with not especially well justified parameters and a technobable name that obfuscates what it actually does. Other coins used similar things (some to their own demise) before it was ever described. All of the faster update rules make things more stable in the face of hopping (as opposed to, say, merged mining which makes hopping not happen) but do so at the expense of reducing security against isolation, I don't think they're a good win— and when they're not fixing the self inflicted wound of being a redundant coin without merged mining they're usually just the kind of superficial change altcoins typically make that don't require even knowing how to code. They're also far outside the realm of bitcoin today as we've never had a problem due to the update rule, and not really related to the timewarp attack (as it can be closed completely with basically two characters changed in the code— correct the off-by-one to make the retarget windows share a block.