No it is better to come up with a solution which provides real security not feel good security.  Like I said up thread.


It is a non trivial problem.  The blockchain is a consensus agreement on where coins are.  It only works if every single nodes is part of the consensus.  Currently the consensus is reached by agreement that the longest chain is the correct one.  That is vulnerable to a 51% attack however it is deterministic.  No matter the state of a node online, offline, corrupted blockchain which needs to be rebuilt all nodes will reach the same consensus.

Any solution which relies on centralized trust nodes or is non-deterministic risks either making an attack easier (control the trust nodes, control the network) OR fragmenting the network into incompatible forks.

Stop treating it like a trivial problem.  It is a MASSIVELY complex problem which requires some real out of the box thinking.   If you believe that after thinking about it a few minutes you have a solution you likely are wrong.

I didn't say anything about a proxi.  If I hack into YOUR COMPUTER = YOUR IP ADDRES and use it to login to your PayPal account and send a gift to someone for say $50,000 it is your claim that is 100% irreversible.  No possible way that can be reversed by PayPal or the funding bank/CC?  Yes or No.

I don't think most legit people interested in buying $1 to $5 in BTC (who does that anyways) are willing to wait 3-6 months to get their coins.  I mean I'll do it right now.  Anything up to $100 @ MtGox last price, no deposit needed and you get your coins (minus 5% fee) in 6 months. 

How many coins do you want?  My guess is 0 right?

If the government is going to spend millions to attack the network wouldn't they take over the trusted nodes?  Actually having trusted nodes would be an even larger attack vector.  If clients are forced to trust trusted nodes then compromise them and you can feed them any kind of garbage you want even with a trivial amount of hashing power.

In the example above it would be from your home computer and thus using your home IP address.  So you are saying it is both very reversible and not reversible.  Hopefully people can see you will say just about anything even things which are blatantly false.  At least people will know what they are getting themselves into.

None of that is true.  QC allow some problems (but not mining at least no Quantum Algorithm yet exists) to be solved in polynominal time vs linear time using classical computing.  QC don't allow one to instantly solve or break anything.  Period.

For example using Shor's algorithm one could break asymetric keys in 2^(1/2 keysize) operations vs k^(keysize) needed for classical computers.

This means that for example to brute force a specific ECDSA private key form the public key using classical computer would take 2^256 operations.  While a QC is massively faster requiring only 2^128 attempts that is still a massive number of required operations.

Exactly this is a non-trivial problem.  If it was trivial there would be no 51% attack.  Another issue becomes what happens when part of the network believes X chain is correct and part believe Y chain is correct.  Of course some people have legit transactions on X and some have legit transactions on Y and there is a double spend by the attacker on both (thus someone always loses) how are you going to convince everyone that "X" (or "Y") is the correct chain and everyone should jump to it.

This doesn't mean it is impossible but if your first thought is "oh this is easy just do ..." then you are likely wrong.

Well as long as your promise it must be right.  So if I hack into your home computer and use it to send a gift to myself for $50,000 it is irreversible?  Well since PayPal is perfectly irreversible who needs Bitcoin er LiteCoin.

Why would you possibly want PCIe? 

You like higher cost, more complexity, annoying to solve thermal issues, non-optimal spacing, and being constrained by the number of PCIe slots.

Personally I just want to rack mount them in 19" datacenter racks so either a complete rack mountable unit or sell the bare modules so I can rack mount them myself.  Internally if they connect by USB, serial cable, or LPT port I don't really care as long as it is scalable

Well wafer quantity matters in that fact that it does have a cost.  If the speculation quoted in the OP is correct 4050 Avalon chips would fit on 110nm water which makes the production cost roughly $1 per chip.  320 chips
In decent sized volume maybe $5K per wafer or if the specs on chip size are right about ~$1 per chip.  You could round up to $2 per chip to be conservative and include production losses.

Well I don't think Vlad was meaning today but more the "end state" but I could see how it could be taken that way.  Also I agree today we are vulnerable because we don't have ASICs in large numbers.  Of course we were ALWAYS vulnerable however seeing retail products suddenly makes that threat more tangible.

Today your $1M number is probably right.  Even though Avalon/BFL are sold at a huge premium that premium will come down overtime and hashrate will be much higher.  To achieve real security requires both replacing horribly inefficient (in terms of MH/$) GPU with ASICs AND raising the true security value of the network (which comes through higher exchange rates and fees).  Both are needed to provide a real deterrent against attacking the network.   Still without ASICs the second half become moot.  We simply could never get enough hashing power with GPUs to build any credible defense against ASIC based attackers so moving to ASICs is a mandatory first step.   I will feel better when the hashrate is in the tens of PH/s.

Well tell me where I am wrong.

The shape of the curve depends on how aggressive both companies can be in moving units.  For Avalon how quickly will all batch 2 customers get their units, will there be a delay on batch3, etc.  For BFL can they get out the door in Feb and once they do how many units per week can they sustain in production.  The end state is much higher difficulty it really just depends on how steep the curve is. 

From the OP it is interesting to see how low prices can eventually go.  If the quote is correct then the production cost of just the chips is roughly $1 per chip (or ~$4 per GH/s).    Remember the seller has hundreds of thousands in NRE costs to overcome but they will be paid down eventually.  Lets ignore the powersupply, controller, fans, and case because the designer could just sell modules.  

PCB printing and placement ~$10 + $80 in chips plus maybe $20 in misc components (resistors, capacitors, voltage regulators) say a total SWAG of $110 per board.  Note I am not accusing the sellers of price gouging.   They did take a large risk, and have lots of NRE costs to cover.   Also they will want to retain capital to make the "next gen" unit eventually.  I am just pointing out that difficulty is going up a LOT.  People thinking no more than 10x are going to be horribly disappointed.  In the short term 30x to 50x is more likely.  In the longer term (a year or more so both Avalon and BFL have time to release their "next gen" products) 100x to 200x isn't impossible.  Why?  When sales flatline they (both companies) can cut the price and sell more.  

Generally no and especially not for "first gen" product.  The larger the die size the larger the % of chips lost due to fabrication errors. For a design like this you can't have a chip "half good" so any functional defect means a lost chip.  The size of the die is likely based on the vendor (i.e. people actually making the chip) recommendation.  

It is a tradeoff.  A single 22GH/s chip would either need to be massively parallel (i.e. one chip is designed to split the work among multiple hashing engines working in parallel (multiple nonces checked per clock cycle) or  it would need to run at an insanely high clock (to complete 22 GH/s using a single hashing engine would require a clock speed of 22 Ghz obviously impractical).

Based on the photo and specs my guess is that each Avalon chip completes a single SHA-256 double hash per clock and runs at ~275Mhz.  So if you had a board with a single chip it would use about 2W and produce complete 275 million double SHA-256 hashes per second obviously that is impractical so a board consists of 80 chips working together to produce 22 GH/s (80 * 0.275 Gh/s per chip = 22 Gh/s per board).  To do this with one chip at the same clock speed would require the chip have 80 hashing engines.  That would make the die 80 times as large. 

The entire unit is simply a controller, powersupply, and logic boards to route block headers to the individual hashing chips and "golden nonces" (diff 1 = 1 in 2^32 hashes) back to the controller for verification.  How the work gets broken up is simply a design choice you could make a 66 GH/s miner using 66,000 chips with a hashrate of 1 Mh/s ea or a single chip with a hashrate of 66 GH/s.  Everything being equal having fewer larger chips simplifies board design, assembly and production however larger chips mean higher power density (harder to cool 100W in one chip then 100W spread out over a board) and lower chip yields so neither extreme is attractive. The sweetspot tends to be in the middle. 

The next gen (not batch2, or 3 but the next design) will get more parallel.  Instead of 320 chips which have a single "hashing engine each" you could use 40 larger chips with 8 hashing engines.  If ASIC production remains competitive maybe in a few generations you will see much larger chips capable of high GH/s speed (say 20 hashing engines inside a single chip running at 800 MHz completing 16 GH/s per chip).

There is no hard fast rule I would lean towards more conservative to start.  The smaller the hotwallet the less funds lost in a breach however the more likely it will go empty and you will need to halt withdrawals until reloaded.  

Once your site is up and running you will get a better idea of what % of total funds are withdrawn daily, hourly, etc.

I would recommend incoming funds go directly to the cold wallet:
User Deposit -> [Cold Wallet] -> (Admin reload of hot wallet) -> [Hot Wallet] -> User Withdraw

As you start getting more transaction data you could decide to process withdraws over x BTC directly from the Cold Wallet manually to avoid a single large transaction from depleting the hot wallet.

As for what %?  Really depends on the site, how long funds sit there, how often you are willing to reload it, etc.   If you are looking for a total guess something in the ballpark of 10% to 25% for the hotwallet should be a good starting point.   For a site like MtGox (my guess) is that they can get by with a very tiny % of total coins held in hot wallet.  People keep larger BTC balances there and many may keep them for days and weeks.  A gambling site on the other hand may need a much larger hot wallet as a % because users may not keep much balance on the site preferring to withdraw everything and then deposit again the next time they play.

If you find for example you reload the hot wallet roughly 3 times a day and in any 8 hour period 95% of the time less than 500 BTC are withdrawn then 500 BTC is probably a good number even if that ends up being a smaller %.  Obviously you will need to adjust this as your site grows.  Too little and you constantly are having to halt withdrawals and reload, too much and you are risking coins for no benefit.

TL/DR:
Start small (say 10% or less "hot").  Better to be safe then fast.  Ask bitfloor if they would rather owe clients 25,000 BTC or 2,500 BTC.

Yeah not sure what insane math you are doing?  $1M USD per BTC * 25 BTC per block * 6 * 24 * 365 = $1.3 T global mining rewards.  If miners were willing to accept "only" a 50% ROIC that would require an attacker to spend $2.6T to attack Bitcoin.  Bitcoin would be quite safe even under much smaller scenarios.




And if Bitcoin never lives up to its potential then just $50M wasted?  Most "big scary" entities either have a need to explain expenditures (imagine the shareholder revolve if BofA misses earning estimated because the CEO decided he needed to spend $50M to kill this thing almost nobody has heard about) or are massively reactionary (like governments).  

I don't worry too much about it.  Still if a massive and well planned 51% attack comes from an entity both with the funds and willingness to lose them it still won't matter in the long run.  Much like killing Napster didn't end p2p file sharing, it only mutated and evolved into much harder to kill systems.  Cryptocurrency is a concept, it can't be killed. If Bitcoin is killed by a 51% attack the next version will be even harder to kill.   This next version doesn't have to start at 0 (like all pump and dump altcoins do for obvious reasons).  The next version could use the values just prior to the 51% attack as its genesis block.  The system could be made 51% resistant possibly through a combination of proof of work and proof of stake to increase the cost to attackers.  $50M to kill something nobody uses is too "easy" try $500M or $5B.  

"Used" in this context means received funds.  Yes I agree the author has chosen some very bad words to title some of the graphs.  That is made worse by not including a more detailed description.  

I think the OP is looking for the number of non-zero addresses (i.e. the addresses which have one or more unspent outputs).  I don't think anyone has charted over time but IIRC in one of the threads related to pruned database it was referenced the number of non-zero addresses is in the hundreds of thousands.

Pretty easy to lookup.  If someone claims to be "xyz LLC/INC" it might be a good idea to look it up.  If the company doesn't exist and the operator is willing to lie about something that trivial well it should be a warning.

Here is an example:
https://sccefile.scc.virginia.gov/S3901032

From people with a pool understanding of math.