It is often objected that the current computing task performed by miners is a waste of CPU. Though many good answers have been given against this idea, the most basic is still that we just don't know any other way of electing nodes in an anonymous, decentralized and verifiable way. Sure, it would be great if the mining process could have a usefull side effect. But so far we just don't know any way to do that.
I've been thinking about it and here is a rough idea: using the least action principle to solve physical problems. As you may know, finding the correct folding process for long molecules is a very tough problem to solve with a computer. It is so tough that it often requires the use of a large number of computers working together in a framework such as BOINC (see
folding). IIRC, this problem is solved using the least action principle (or the least configurational energy, I confess I don't know the details much, but you get the idea), which is the at the root of both classical and quantum mechanics. Basically, all nodes try to find an geometrical structure of the molecule that minimizes a certain function. They use more or less a brute force method: they try plenty of structures until they find one that gives an action that is considered low enough.
See the parallel with the proof of work system used in bitcoin?
Now, of course replacing the cryptographic proof of work by a least action calculus would not be easy, because they are still some very crucial differences.
In a cryptographic proof, you can put information in your work, so that nobody can "steal" your work.
Let's call "PAYLOAD" the message you must work on (in bitcoin, that would be the Merkle root of the transactions).
If you want people to have an incentive to work on this payload, they have to be allowed to add some way to identify themselves, so instead of computing a hash of the form:
PAYLOAD:NONCE
They will compute a hash of the form:
PAYLOAD:USER_ID:NONCE
In bitcoin the USER_ID is basically the equivalent of the coin_base transaction.
With the least action, it is much more difficult to do something like that, because the action depends only on the sequence of amino acids and their geometrical structure. The sequence is the equivalent of the payload, and the geometrical structure is the equivalent of the nonce. There is no way to include any extra information.
This means that as soon as someone publishes a particularly efficient folding, there is no way to prevent anyone to just quickly copy it and also publish it to the network pretending he found it himself. Trying to use timing consideration would probably be useless, as the inevitable latency in the network makes it impossible to make sure of the exact time a message was introduced. That's basically the main reason why the double spending problem existed and why bitcoin had to solve it.
Isn't there a way to overcome this difficulty, though? I believe there has to be. It would work in the same way as sport events (I was inspired here by chess tournaments): you need to find a way to force players to admit their defeat.
##
EDIT: This scheme is probably not the best way to do this. See next message for a better idea.
##
Here is the basic idea.
First, we share a list of molecules that we want to work on. Then we organize the "competition", pretty much as we would do for a sport event:
- We register all players. They are of course identified by a public key. Decentralizing this step might not be easy, but I doubt it's impossible ;
- "Round" begins: players compute actions for each molecule. They can focus on a particular molecule, or work on all of them. Doesn't matter. If they want to work on only one, they just pick one random geometric structure for all the others, but in the end they publish a result for each molecule ;
- they don't publish clear text results: they publish encrypted, signed results. The encryption scheme has been chosen by the player and only him knows the key (which is either an assymetric key or a symetric key, in which case it is necessary a different one for each round ;
- when a player receives the (encrypted) results of an other player, he must sign it and publish his signed version to the rest of the network ;
- once a certain ratio of player has submitted their results, or once all players that have published their results agree that some time limit is over, the round is finished ;
- at this moment, all results are available in their encrypted version, and they are all signed by all players who have published some results ;
- Now all players publish their decryption key. Everyone can see who has found the minimal action, and nobody can pretend he did it if he actually did not.
- We can choose to assign a different crypto-currency for each molecule, or mesure the relative progress for each molecule and select the player who has reach the best progress for any molecule. Does not matter much.
- The winner has the right to publish a block of transactions for this crypto-currency, the first transaction being a creation transaction, just as in bitcoin.
There are certainly lots of difficulties with this scheme. One that I see is that in order to verify the block chain, one must know the whole history of all the tournaments that occured. That can require a lot of disk space. But hopefully with increasing disk capacities it should not be that big of a problem.
Well, here it is. I know it can look far fetched, but I believe the "bitcoin is a waste of CPU" argument is not a stupid one. So I really wanted to imagine an alternative protocol that would solve this issue. Or at least I tried.