Proof of space is inferior to proof of work in that, in order to prevent grinding,
it doesn't directly commit to the transactions in a block [1].
It only commits to a miner private key.
The miner then separately provides a signature to commit to the transactions.
That means that a group of recent miners can collude to rewrite recent transaction history.

A memory bound proof of work, like Cuckoo Cycle [2], seems like a better form of Proof of RAM...

[1] https://docs.chia.net/consensus-foliage/

[2] https://github.com/tromp/cuckoo

Let's not forget that PoW serves another equally important purpose besides consensus:

PoW is required for fair distribution of coins.

Note that I'm not saying that PoW suffices for fair distribution of coins.
You can still get wealth concentration from premines, instamines, fastmines, mining tax, and so on.

But without PoW you definitely get wealth concentration... weakening decentralization.

Bitcoin supports Discreet Log Contracts (DLC), a simple form of oracle, just fine [1] [2].
DLC is a form of scriptless script, that only needs Schnorr signatures to implement.

[1] https://dci.mit.edu/smart-contracts

[2] https://medium.com/interdax/discreet-log-contracts-smart-contracts-for-bitcoin-d75f22d25dac

Not really, no.

But the fact that it's quantum easy does make it more likely to not-hard than NP-complete problem like 3-SAT, that are assumed to be quantum hard as well...

You misread my post. It has nothing to do with Quantum computers. We assume that ECDLP is hard for *classical* computers, but it may not be...
I'm well aware that quantum computers have not been able to factor any number beyond 21 with a general factoring algorithm like Shor's.


I'd phrase that differently. Algorithms are just mathematical concepts, that exist independently of what hardware we can build to run them on. Shor's algorithm breaks RSA and ECC. But we lack the means to run Shor's algorithm on nontrivial instances. And thus *we* cannot break RSA and ECC.

If ECDLP, the elliptic curve discrete log problem, turns out not to be as computationally hard as we think,
and someone happens to stumble on an algorithm to crack it, then they could steal from practically all cryptocurrencies.
First they'd steal from ones where inflation remains undetected, by opening Pedersen commitments in arbitrary ways. Next they could try their luck on Bitcoin, taking balances with reused keys. It would probably take a while before
public evidence builds. People would first blame victims on poor security practices and such. But if the thief is greedy and keeps at it, people would eventually realize that ECDLP has likely been cracked. Then the value of Bitcoin and all other crypto currencies would quickly plummet.
If the thief is not too greedy then the public at large may never suspect though.

I didn't realize it at the time, but Monero's tx_extra field is nearly unlimited in size [1].

This has recently been taken advantage of to implement ordinals on Monero [2].

Meanwhile, on some Grin clone, attempts to store data on-chain have failed miserably [3].

[1] https://www.reddit.com/r/Monero/comments/11xvi03/comment/jd76w83/?utm_source=reddit&utm_medium=web2x&context=3

[2] https://mordinals.gitbook.io/handbook/how-does-it-work

[3] https://forum.grin.mw/t/public-transaction-data-is-a-huge-risk-vector/10426/14

A better question would be:

Are you for trying to take measures to hamper, limit, or ban the use of ordinals on bitcoin?

I don't care about ordinals, but given the need to create a competitive fee market, I'm definitely not for any such attempts.

However, to keep with the current poll setup, you could make it less biased by rephrasing

    Yes, ordinals are great!

to

    Yes, ordinals help create a fee-market that's necessary in the long term.

Dash is a cash grab by Evan Duffield, amplifying his insta-mine through rent-seeking masternodes.
Dash doesn't offer much in the way of privacy.
Monero on the other hand does, by hiding amounts and addresses, and by almost completely obscuring the transaction graph.

You should find all your questions answered at https://en.bitcoin.it/wiki/Difficulty

In short: difficulty is stored (in compressed form) in header field "bits" and difficulty adjusts every 2016 blocks.

That link ranks by market cap, which is not so relevant.

Relevant to this discussion is the daily energy spent on mining as approximated by the dollar value of the daily mined coins.
You can find this ranking at [1] under column PoW Produced (24h).
It shows Monero down in place 9, while Doge and Litecoin are in 2nd and 3rd place respectively.

In the long term, coins without a tail emission will slowly drift down this ranking as their mining subsidy dwindles to insignificance. In which case Monero could end up in 4th place behind DOGE, ETC, and Nervos...

[1] https://www.f2pool.com/coins

Nonsense. Ordinals is an unforeseen use of the system, just as open timestamps is. Neither has to be prevented to ensure bitcoin's survival.

Due to the eventually disappearing block subsidy, bitcoin's long term survival is dependent on full blocks creating a fee market, so one clear purpose of bitcoin is to support all uses which help to fill blocks.

Each miner adds their own coinbase tx to the new block. Since the block header commits to all txs in the block  (through the root of the tx Merkle tree), this means that each miner works on a unique header. And thus a unique Hashcash PoW puzzle.

In case of mining pools, the pool makes sure that different miners on the pool work on different headers as well, e.g. by giving them a unique block template.

As opposed to arbitrary payment data that is pushed to the blockchain once to stay there forever?
Like all those silly satoshidice bets? Or the transfers of the NFTs? Or all the "test" transactions that people do to feel more secure about the "real" transaction?

In the end nobody can decide what is arbitrary or not. Only fees can. The higher the fees, the higher the barrier for frivolous use, and thus the less arbitrary.

Users will always find a way to relay their txs to miners more than willing to earn those higher fees.
There's nothing you can do to stop that, only try to make it a little less convenient by imposing standard-ness rules. But with high enough fees, there will always be middleman like ordinals.com to make that process as convenient as can be.

If you want less "arbitrary" data, allow all uses of the blockchain to compete and the fees to be raised. Which has to happen anyway if bitcoin is to maintain any long term security.

Yes, they did, not just by allowing larger blocks, but by in fact *requiring* a block larger than 1MB in size.

As a result, BTC block 478559 was rejected by Bitcoin Cash for not exceeding 1MB [1]:


It took a while longer for Bitcoin Cash to reach height 478559.

[1] https://connortumbleson.com/2017/08/02/bitcoin-cash-bcc-is-born/

These are transactions that miners *want* to include because they still pay competitive feerates.

So users will find a way to relay them directly to willing miners (as ordinals.com already does), and if not relayed normally, the mempool will show a distorted view of the fee market.

You're trying to fight basic economics in a permission-less system.


Bitcoin is by design a transaction storage system, since the entire tx history must be verifiable.
Bitcoin also cannot effectively distinguish between financial scripts and data storage scripts (note that a less efficient data storage in fake P2PK outputs is possible as well).

Investopedia [1] explains Selfish Mining as

"Selfish mining is a deceitful cryptocurrency mining strategy in which one miner or a group solves a hash, opens a new block, and withholds it from the public blockchain. This action creates a fork, which is then mined to get ahead of the public blockchain."

It's not about mining empty blocks (why would you call not taking any fees selfish?).
 
The original 2018 paper on selfish mining is "Majority is not enough: bitcoin mining is vulnerable" [2] by Eyal and Gün Sirer, whose Abstract reads:

"The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.

We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners' revenue is larger than their fair share. The attack can have significant consequences for Bitcoin: Rational miners will prefer to join the attackers, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

Unless certain assumptions are made, selfish mining may be feasible for any coalition size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by a coalition that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a coalition of any size can compromise the system."

More recent papers on selfish mining include"Effective Selfish Mining Defense Strategies to Improve Bitcoin Dependability" [3] and "Rethinking selfish mining under pooled mining" [4].

[1] https://www.investopedia.com/terms/s/selfish-mining.asp
[2] https://dl.acm.org/doi/10.1145/3212998
[3] https://www.mdpi.com/2076-3417/13/1/422
[4] https://www.sciencedirect.com/science/article/pii/S2405959522000443#b4

The only coin focussed on simplicity seems to be Grin [1].

The biggest simplification relative to Bitcoin is the absence of script. Yet nearly all commonly used script functionality is still available through "scriptless scripts".

The problem with complexity in the consensus model is that once you have accumulated some, you can never get rid of it, as it will always be needed to verify past history. So a blockchain's complexity can only increase over time. In that sense no blockchain can be made simpler.

Odds are that something like Ethereum will be so complex in a century that no-one can understand all of it (some would argue that's already the case right now:-).

That also means that the best way to improve functionality is outside of the consensus model. Lightning is a great example of that.

[1] https://np.reddit.com/r/CryptoTechnology/comments/kyhgcv/are_there_any_public_cryptocurrencyblockchain

I don't see the flaw in the NFT/Ordinals design.

It's inherent in bitcoin's design, that incentivizes miners to include anything expressible in bitcoin script for a large enough fee.

You're not forced to store any data you don't want (just set pruning), but you do need to verify it as a full (i.e. fully verifying) node, just like you must verify all the tons of silly satoshi dice transactions made in the past.

If bitcoin is ever to survive in the future where block subsidy is insignificant, then you want any use of the blockchain that people can think of and are willing to pay fees for. Only a competitive fee market can pay for long term security.

Would it help if payment required the receiver to first prove their ability to spend the funds-to-be-received, before they could actually receive them?