I fully agree with that statement.  What we have now is the logical consequence of the initial design.

To be honest, I don't see any rogue miners.  I see miners do exactly what their job is: maintaining the integrity of the protocol and the consensus history.  I see a lot of non-miners wanting to deviate from the agreed-upon protocol, but miners resisting to that is their job in the eco system.  So, if any rogue forces, it are those wanting change, I'd say - even though in a permissionless and trustless system, there is no notion of rogue force ; only of immutability, and failure of immutability.

I will of course not answer in Greg's place  but the very fact that you go with your wish list to Santa Claus, isn't that the very proof that bitcoin's protocol is centralized with core ?  Core is free to impose whatever it wants ; the fact that the bitcoin "community" seems to accept that (until recently) is the centralization.  If anything, instead of sending your wish list to the central authority, one could make just an alternative, no ?  Ah yes, that one exists: classic, BU, XT ... but it doesn't work out either. 

So there are only two possible conclusions at this point:

1) Core is still the central authority of bitcoin, and all change to bitcoin has to be asked Core, and approved by Core

OR:

2) Bitcoin finally got decentralized and hence immutable, and nobody, including core, will change anything fundamental to bitcoin.  So no bigger blocks, no Segwit, no any other features.

(I am thinking that 2), finally, got in place)

This is a pretty ridiculous accusation, isn't it ?  Monero is already a private crypto currency, and ZCASH an optional private crypto currency.  So the tech is out, up and running since 3 years now.  Hell, even DASH has some privacy elements to it (somewhat doubtful, I agree). 

BTW, I consider the open ledger of bitcoin one of its biggest failures and dangers, but bitcoin is bitcoin now, and will, if it becomes sufficiently decentralized, never change fundamentally.

My point is that ANY increase in efficiency of PoW calculations, when publicly known, is necessary to implement by miners.  By efficiency, I mean the ratio between the difficulty attained, and the economic cost related to it.  Because the cryptographic protection of the bitcoin block chain only comes from the economic cost of attaining the difficulty in the "false" chain.  Any means that lowers this cost to the attacker, lowers the security of the "good" chain, unless the miners (those making the good chain) use (at least) the same efficiency increase.

Depends on how many of them are then around !  Who will decide ?  What if there are now 10 different versions of that fork ?

Like ASICS offered monumental competitive advantage over GPU miners.  What's the difference ?  Are you whining that now happens to the non-asicboost asic miners, what they did to the GPU miners back long ago ?

But what about cryptographic PoW security, also dimished by 20% because of the knowledge of ASICboost ?

And what about the fact that the standard mining algorithm is already "not calculating the complete work" and skips about 25% of it ?

By this last point, I mean that if the difficulty is, say, 2^30, then on average NOT 2^30 complete header hashes have been calculated with the standard algorithm either, that is not all the naively "proved work" has been done either.

They are obviously not independent, and competing, right ?  You can say that there are dozens of colluding entities, not antagonist competing entities, what decentralization is about.  OPEC can also say that they have dozens and dozens of different oil wells.  Does that mean they are not a cartel and are a competing open market ?


This is also why I said that he made a fundamental mistake, and, no, Satoshi didn't understand, or if he did, he took an opposite public position, to what decentralization and immutability resulting from antagonist consensus, was about.  He didn't realize, or fooled other people in thinking he didn't realize, that "consensus" in matters of money is of a totally different nature than consensus in any other collaborative open source community system.

The reason is that contrary to any community system, a monetary system is about antagonism of all entities, not about collaboration.  A monetary system is about wanting to cheat the system and not being able to, wanting to scam the counter party and not being able to.  Indeed, in a monetary system, we all want to have a lot of money, and all want others to want a lot of money, and a monetary system is such that we are *forced* to diminish our own holdings if we want to pay someone, even though we don't really want to.  It is the fundamental desire to be able to create money at will, but not to want others to create money at will.   Money is fundamentally an antagonist game.

That is totally different with, say, the development of an e-mail system, or web page browsing software, where there's no antagonism at the basis.  Me wanting to send e-mail to you, has no necessity of antagonism, and we can perfectly collaborate over that.

But in monetary affairs, if I pay you, I have lost my holdings, and you have them now, and if I had my say, I would like to be able to spend them again, and if you had your say, you would like to have obtained my holdings without having to deliver goods and/or services for it, but both of us are FORCED to act this way, because the monetary system is such that we cannot get it our way.

As such, a monetary system has to be fundamentally immutable for its subscribers, because anyone that can modify its functioning, or its history (both are intimately related) can (and most probably will) bend the rules in his material advantage.  

As to why both the rules (the protocol) as the data (history) have to be immutable is obvious: the data only give rights and limits through the rules, and these enforced rights and limits is what the monetary system is all about.  

And now, Satoshi invented, but publicly seemed not to realize, the immutability mechanism of decentralization: sufficient non-colluding antagonists that are not able to agree over anything else, than the existing consensus (including the rules).  In other words, all players/antagonists in the system would like to bend the rules and history into THEIR advantage, and NOT to the advantage of their adversaries (the other members of the system), so as to get a maximum of material advantage out of it.  But as such, if they are sufficiently diverse and disagreeing, they cannot settle over any change, and as such, immutability results, as it is the only thing they, de facto, agree over, because they did so when joining.

A single team providing the software, however, is of course way too powerful, and  much too colluding amongst their community members, for this mechanism to work, but there is now, finally, some counter action from other members/antagonists in the eco system, to turn bitcoin in a truly immutable system (protocol included of course).

Satoshi's public stance on "modifying the protocol later" make me think that 1) he didn't get a clue about immutability dynamics or 2) he did, and was being extremely deceptive about it.

There's a fundamental difference between the immutability of the protocol and history on one hand, and the software implementations of that protocol on the other hand.

But all our acts have victims of which we profit.  That's the essence of life.  Life is a struggle for survival, and as such, you have to perish or kill.  The freedom resides in the fact that you can and will be just as well a victim, as a predator, and may the fittest win.  Of course, nothing stops entities from making mutually beneficial agreements, so that they become stronger over others, and can more easily render others into preys.


Of course it is, because who is going to decide and who is going to enforce the moral rules ?  After all, there's only one fundamental moral rule: good is what is good for me, and bad is what is bad for me.  All other morals are nothing else but ways to give more weight to the good and bad of some over that of others.  Because most of the time, what is good for me, is bad for the others.  That's the nature of life.  


Of course, but that is because ultimately, there's nothing that can be "partially decentralized", if there is a central authority (say, law enforcement, and the bunch of assholes that dictates the laws over others) in the end.


Indeed, that is because the laws are centralized things, imposing their ad hoc morality.


Of course it is.  But by painting grafitti on my house, he opens himself to the possibility of being shot or tortured by me, or by one of my buddies.  So maybe he should think twice, or be sure that he has enough fire power to counter mine, in which case, I can do nothing else but be like the antilope, killed by the lion.

I wanted to say exactly that.  The principal problem bitcoin is facing, is that there has been, until recently, only one single "reference implementation", by a single team.  That is total centralisation in my book.  This is as if there were only one single web browser in the world: they would define what http and html is, and could change it at a whim.   

The problem with the single core team is that there was a confusion between the software and the protocol, as there was only one dominant software implementation: all changes to the software, that changed the protocol, were automatically implemented by most actors.

I don't know how many.  Point is, that since there were asics and pools, mining is centralized in a few deciding entities that have at their disposal the majority of hash rate.  As long as this number is more than 3, you could, strictly speaking, say that there is enough decentralization, and enough multiple points of failure, but in practice, that isn't true, because with a handful of actors, it is never possible to be sure that they don't collude over something, or are at the mercy of, say, a government that has "propositions they cannot refuse".

The question is, right now: how many independent, non-culluding deciding entities have 51% of the hash rate at their disposal ?  Officially, it are 5 pools, but one says that they are in the hands of 1 or 2 people.

Note that a centralized system like that can very well continue to function correctly for a long time.

Yes, I think Satoshi made a fundamental error by giving the "keys to the kingdom" to only one team, Core.  He should have created 20 different copies on github, and handed them out to 20 different and competing teams.  He was of course the centralized force at the start, but that was inevitable.  Him leaving was most probably done to avoid the continuation of this centralization, but by having one Pope, (Gavin at the time), the central authority remained.  If there would have been 20 different Sultans, that would have been much more decentraized.  But, as you say, I think this is the fight that bitcoin is now fighting.  The funny thing is that it needed centralization of the miners, to have enough muscle to attack the centralization of the protocol in Core's hands.

But... but... then you didn't get the essence of what bitcoin's invention is about !

--> if it were true that all nodes, all over the world, received all broadcast transactions all in the same order, there would, indeed, not any need, nor of miners, nor of block chain, nor of anything: as you say, the first arrived spending transaction of given output is considered the right one, and all the others, as rejected illegal double spendings of the same output.

It would then be very simple: all on-line nodes just accumulate in their local database, all these legal transactions, and because everybody is perfectly synchronized, all these local databases will be identical, because all nodes will take the same decisions.

What is the problem with this view ?  The problem is network propagation delays, and the fact that your node is not always online !  THIS was the hard problem to solve in bitcoin !

What is needed, is a global consensus of what transactions are the legal ones.  If half of the network thinks that Joe spend 5 BTC to Jack, and the other half of the network thinks that Joe spend those 5 BTC to Mary, then the day that Jack will want to pay his 5 BTC, half of the network will think his transaction is OK, and the other half will not recognize this.  As this will propagate further, you imagine that after a year or so, no bitcoin holding is certain, and nobody knows any more who owns what.

How can it be that half of the network thinks that Joe spent to Jack, and the other half that Joe spent to Mary ?  Because of network delays !  If Joe sent a double spend, one to Jack, and one to Mary, on different P2P nodes, then these transactions will propagate differently through the network.  Some will receive the spending for Jack first, others will see the spending to Mary first.  Other nodes won't see anything because they were off line.  So what do you tell them when they come online again ?  Depending to which nodes they connect, they will learn about Jack, or about Mary getting 5 BTC.

This is why there needs to be a "consensus mechanism", that is to say, a rule so that all nodes, when presented with different alternative histories, will all pick the same history as the "consensus" one and hence, agree upon said history.  In bitcoin, that is "the chain with most PoW".  Note that the consensus rule must be cryptographically protected, so that it is not easy to make nodes switch regularly on the consensus history.  In bitcoin, that cryptographic protection comes from the economic cost of proof of work.  Because everybody on the network, it being permission-less, can *propose* alternative transaction histories.

Yes.  But not for matters of "fairness", but rather for matters of the inherent cryptographic security requirements (which are very bad !) of PoW.  PoW security is based upon the attacker needing to spend at least as much economical effort than the "good guy" (in PoW crypto, the good guy is by definition, the miner that ADDS a block, because he's the one determining the latest consensus).  The "bad guy" is the one trying to modify former consensus for other reasons than "orphaning by error", in order to reverse a transaction (and double spend) ; censor a transaction (DoS), ....  If techniques are known to the bad guy, that the good guy is not supposed to use, then the economic cost of an attack becomes less than than the cost of making the original consensus !


Well, I haven't studied that part, but I have a hard part imagining that asicboost cannot be applied to whatever change in the protocol.  Maybe the calculations have to be re-organized or so, but, without having looked into it in detail, I don't see at first sight how you cannot use ASIC BOOST, because the way I understand it, it is just a smarter re-organisation of calculations that have to be done *in any case*.  So essentially, instead of doing them over at random orders, you organize them better so that you can re-use calculations you would simply do over without thinking.  But maybe that the *way* of organizing this is different with a new protocol, and maybe that this screws up the way it is *currently* implemented. (*)

I wanted to point out too, that already now, the standard way of doing the hash calculations, does a very similar thing, by organizing the calculations in such a way that a lot of them don't have to be stupidly re-done: the first compression function call is NOT re-done when looping over the nonce that only occurs in the second block.  So "organizing your calculations so that you don't do all explicit full hashes of all tested blocks, but re-use results" is already standard practice.  Asic boost simply pushes this somewhat further.

(*) The reason why I think that, is simply the following, but as I said, there may be technicalities that escape me, as I didn't look into it.

What happens now is that there are two fields in the header that can be tuned in order to satisfy the difficulty: there is the nonce, of 32 bits, in the second part of the header, and there is the merkle tree root (32 bytes in total, 256 bits), of which 28 bytes are in the first part, and 4 bytes (32 bits) are in the second part.
The trick of ASIC boost is that instead of using the merkle tree roots that one needs to try in an arbitrary order, one can organize them in chunks where the 4 last bytes are the same (that happens once for every 65000 merkle tree roots tried, so if you're going to try a billion merkle tree roots, you use them in packets of about 15000 roots with the same last 32 bits, and then you try for each nonce value, the 15000 roots first, and you have to re-calculate the "key schedule" of the second block only once in 15000).

I don't see how this will change if we keep the same header structure.  Maybe the way the Merkle tree will have to be calculated will be different, but it is the only handle one has, next to the nonce, which is too small.  So I don't see how asic boost in some or other form, will go away.

I want to discuss the fact that if one tries to discuss about asic boost, one gets censored, indicating that people saying that it is an exploit, have no rational arguments to back their claims up.  I don't want to discuss especially about you or your "reputation" (I couldn't care less), I want to talk about how my technical arguments about asic boost must destabilize people with your stance so much, that they have no other way of responding but to censor.

That is a statement, not about you personally, but about the validity of ASIC BOOST.  Namely that those that say that it is an exploit, have no arguments left and need to censor if they encounter my technical explanation of why it isn't.

In other words, your act of censoring is about equivalent to a post of your kind of "Your argument is so convincing that I have nothing else to say", which, in itself, is an important statement about ASIC boost.

In which case, that thread shouldn't be in the "reputation" section, because it has nothing to do with your reputation (nor mine), but about a technical argument over ASIC boost, that is now so strong, that no counter argument can visibly be thought of.

Well, "a few weeks" is 20 weeks if it happened mid-period, or, what, 4 months.  If it happened at the beginning of a period, that would become 40 weeks, or some 8 months.

With a block every 3 hours, that comes down to a transaction capacity as if the blocks were not 1 MB now, but rather 50 KB, during 4 or 8 months, followed by another period where things improve somewhat.

Of course, nothing would stop people at that point from doing a hard fork, and modifying the difficulty by hand. 

I didn't move this thread to "reputation".  Most probably you or one of your buddies did so.
This thread was about the fact that ASIC boost is a normal improvement, like so many others, but that if this is mentioned, one cannot get a normal answer, and that very fact is an interesting given in itself, because it obviously points to a difficulty that those wanting to say that ASIC boost is an exploit, have in arguing, so they are only left with Soviet techniques.  THAT in itself, is a very interesting subject.

As there is visibly a strong desire to remove, censor, displace ... certain subjects on which no rational counter argument can be given, I post here again a reasoning on which I would like to have only rationally argumented answers (although, because I believe in freedom of speech, I don't self-moderate this thread, and everybody is welcome to say whatever he wants).


(the original post is now moved from bitcoin discussion to some obscure place on the forum where, I suppose, it was hoped that nobody would find it...)

The reason why I want to bring this up, is that it seems that ASIC boost is considered "cheating" or "an attack" by some, and if I try to argue with them, they censor or oppose or do other things (<-- I'm not sure yet, testing things), but never have a sensible argument.

So, why is asic boost necessary ?  Because it is public knowledge now, and if miners DON'T use it, they render the PoW scheme more vulnerable.

If anything, the biggest problem with rendering a PoW improvement both public and patented, is the best way to decrease PoW security.  So if there's any "exploit", it is by the one that tries to take a patent on it.

Indeed, imagine the day that someone takes a patent on a method that, say, increases the PoW calculation efficiency with not 20%, but a factor of 20.  At that moment, PoW security is entirely gone.  No honest miner can permit himself to use it, because of patent liabilities.  But an attacker now knows how to attack the PoW scheme (the patent renders this knowledge public).  So even though the attacker could expose himself to a patent liability, he can nevertheless execute an attack successfully with the 20 times lower security of PoW.

Imagine that ASICS were invented, but patented, and not sold to miners, but that the producer of ASICS kept them for himself, and he could stop anyone from buying them, or making other ASICS because he was holding the patent on it.   Now, wouldn't that have been quite a dangerous situation for the PoW security ?  No miner would have ASICS, and at most GPU or FPGA, but there would be a guy fabricating tons of ASICS that cannot be legally used by anyone else but him.

I did not post in your topic any more.  I have been opening another topic, namely about the fact that certain technical arguments cannot be rebutted, and need the subject to be removed, censored etc....

BTW, this is not your thread, but as I told you, you are free to give your technical responses.

Thanks, but don't worry, I don't stress.  I was amazed at Lauda's reaction, and I found it an interesting twist.  He has the full right to censor me in his threads, but I have the full right to find that interesting as a way of acting, and I was just following the (automatic) advice given by the system:


I found the topic that Lauda needs to censor the rather rational things I was saying, interesting in itself.  If I make silly technical mistakes, the normal thing to do would be to point out those errors.  But I think, in all modesty, that I'm sufficiently well versed in cryptography and maths to understand the asic boost algorithm, the security level of PoW, and the other implications I wrote above.  That said, I'm essentially here to learn, and I'll provoque people until I can learn from them

BTW, I don't know who Lauda is, and I don't really care, but if he's a hot shot, then it is even more interesting that he needed to censor me, instead of telling me where my argument is wrong (which I obviously don't think it is, but everybody can make mistakes).