The Bitcoin consensus mechanism is incorrectly labeled Proof of Work

[r0ach]

I would argue the current Bitcoin consensus mechanism is "Delegated Proof of Work".

See my quote below from another thread for how this got started:

A common complaint of DPoS is that it can't be decentralized because it has the word "delegated" in the title, yet anyone mining with a pool in PoW is doing the exact same thing.  Satoshi made the claim of one CPU, one vote, yet you're delegating your vote to the pool owner in PoW pool mining.  Some argue you are not delegating in PoW because you can solo mine.  While this statement would be technically correct, the miniscule portion of the Bitcoin userbase able to do so makes it functionally infeasible.  It's only a question of what percent of the hash rate is being delegated at any given time.

I would make the argument that for the Bitcoin devs to not be misrepresenting how the system actually functions, one of the following actions would have to be taken:

A)  Rename the consensus mechanism to Delegated Proof of Work

B)  Implement the Andrew Miller non-outsourcable problem fix in a hard fork

http://bitcointalk.org/index.php?topic=309073.0

The argument against my statement, is that as long as you can opt out of delegation, even only one person out of six billion choosing to solo mine with a trivial hashrate, then my statement would be false.  This argument doesn't make sense because ever since the first pool was created, I can now always opt out of direct proof of work, and choose to only delegate my vote.  Both choices are represented equally.  The Bitcoin protocol does not guard against my action without the Andrew Miller fork.

The other problem with leaving the system as is, is the majority of the community, probably including most Bitcoin devs, claim that PoW is the only known, secure consensus mechanism.  Delegation and direct voting (PoW) are represented as equal choices, yet are two completely different things.  If you claim that only one person out of six billion can be solo mining with a trivial hash rate, while everyone else is delegating (pool mining) and still be secure, you're endorsing delegation as secure by default.  At that point, there would be no reason to use PoW at all over a better engineered delegation system, unless you demand a specific origin of money school of thought until all coins have been mined.  After they have been mined, that part is out of the equation.

For the detractors that try to claim this is all semantics, I would say it's the exact opposite.  If you incorrectly define what the current system is, and what it's actually doing, it makes it extremely hard to define what type of changes can be done to improve it.

[1713570226]

1713570226

[1713570226]

1713570226

[1713570226]

1713570226

[smooth]

The argument against my statement, is that as long as you can opt out of delegation, even only one person out of six billion choosing to solo mine with a trivial hashrate, then my statement would be false.

Since you posted on the other thread that this is a reply to my comment, I'll point out that was not my argument. My argument was that as long as the option to opt out of delegation exists, the power of pools is limited, even if no one solo mines in practice.

Consider the analogy of a parking garage in a very convenient location (say right next to a popular theater) when there is free parking available a short to moderate distance away compared to the situation with the same garage but no free parking available at all. In the first case, the garage may charge only a nominal fee and nearly everyone (or conceivably everyone) might pay it for more convenient access to the theater. In the second case, the garage will charge the maximum fee possible until people stop going to the theater at all.

As for your naming idea, I'd agree with Delegatable PoW. Since the protocol does not require or enforce the delegation (nor does it prohibit it) of block creation, that is the more correct form of the word.

[jonald_fyookball]

'delegated' means you must delegate, you cannot mine yourself.  That's the idea of trusted super node systems like bitshares.

[r0ach]

As for your naming idea, I'd agree with Delegatable PoW.

I guess if you want to be really picky, in the real world we can probably prove that given a system with finite, contested resources, and sample size of 4 or higher, hell, why not 3 or 2, that over time, delegation of authority will occurr, or failure to do so will result in death of said participants as they compete for these resources.  From that you can probably extrapolate it will be cascading delegation until failure of distributed consensus.  Then we can be more specific and call it "delegated proof of work until cascading failure of distributed consensus."

In case you didn't notice, Bitcoin is an experimental war game exercise.  War is the ultimate consensus mechanism where the winner takes all and the loser dies.  The delegators in Bitcoin, which are the participants of the war, are currently wild, uncontrolled, unaddressed variables.  Each time one of them delegates vote power to another, you're essentially having a war casualty.  The only way to address this cascading failure of distributed consensus, is to either implement the Andrew Miller non-outsourcable problem to prevent them from delegating at all, or to make all participants immortal via a deterministic block validator set such as DPoS.  These are the only two options to move forward.

I believe the Andrew Miller solution would lose once released to compete with the deterministic block validator set in the wild.  Have you ever heard of the term "convergent evolution"?  This is what's used to describe how eyeballs form on different evolutionary paths that aren't related to one another.  The convergent evolution in this case would be deterministic block validators occuring in things like DPoS and Darkcoin independently even though both are completely different systems.


related post:  Why War is Good

https://bitcointalk.org/index.php?topic=1162791.0

'delegated' means you must delegate, you cannot mine yourself.  That's the idea of trusted super node systems like bitshares.

Not even going to comment on that since I don't think you read or understand anything in this thread.

[jonald_fyookball]

'delegated' means you must delegate, you cannot mine yourself.  That's the idea of trusted super node systems like bitshares.

Not even going to comment on that since I don't think you read or understand anything in this thread.

Ooops... I meant DPOS. 

Sorry, blame Friday.

[sidhujag]

'delegated' means you must delegate, you cannot mine yourself.  That's the idea of trusted super node systems like bitshares.

Not even going to comment on that since I don't think you read or understand anything in this thread.

Ooops... I meant DPOS. 

Sorry, blame Friday.

No.. Do more reading please

[TPTB_need_war]

Consider the analogy of a parking garage in a very convenient location (say right next to a popular theater) when there is free parking available a short to moderate distance away compared to the situation with the same garage but no free parking available at all. In the first case, the garage may charge only a nominal fee and nearly everyone (or conceivably everyone) might pay it for more convenient access to the theater. In the second case, the garage will charge the maximum fee possible until people stop going to the theater at all.

Except as your analogy applies to Satoshi's proof-of-work design, then the free parking is not accessible by anyone who has a car because it is on the top of a skyscraper[1]. The only people who can access this free parking must either have a helicopter or they must pool their resources to buy one.

Myopic blind spots like this smooth cause us to waste time in discussion.


[1] Because the hashrate needed to win a block any time within this century is inaccessible to your average person sending a transaction to the network.

[smooth]

Consider the analogy of a parking garage in a very convenient location (say right next to a popular theater) when there is free parking available a short to moderate distance away compared to the situation with the same garage but no free parking available at all. In the first case, the garage may charge only a nominal fee and nearly everyone (or conceivably everyone) might pay it for more convenient access to the theater. In the second case, the garage will charge the maximum fee possible until people stop going to the theater at all.

Except as your analogy applies to Satoshi's proof-of-work design, then the free parking is not accessible by anyone who has a car because it is on the top of a skyscraper[1]. The only people who can access this free parking must either have a helicopter or they must pool their resources to buy one.

You are confusing miners and users. Perhaps they could be the same, but they need not be. (Indeed satoshi's original design more explicitly divides the two than current thinking among many prominent Bitcoin developers.)

r0ach's claim was that pooling of mining in practice makes the consensus system of Bitcoin inherently delegated, but that is false because miners need not pool, and certainly need not pool with one of a fixed set or even a fixed-size set of pools. Thus this is different in structure from a system where delegation is required. (It is true if you posit that Bitcoin will certainly be 51% attacked, as I think you believe but can't prove, and turned into a centrally-controlled system instead, where pools or whatever they are they are called in that outcome enforce membership, but then why bother with the delegation argument, just show that this is certainly true and prove Bitcoin useless unconditionally.)

I specifically doubt that the outcomes will be the same in a system with permitted delegation to an open set of delegates (pools) as opposed to a system with required delegation to a fixed size set of delegates. But if r0ach wants to try to prove the same outcome in his war game model, he is welcome to do so, and I will read his proof with interest. Unfortunately if he does that, then he will show no advantage to DPoS over PoW, which undermines his original argument.

For his original argument to hold he has to show both that the distribution-of-power outcome is different between delegates in DPoS and pools in "delegatable PoW" and that the DPoS outcome is (in some specified way) preferable.

[TPTB_need_war]

Smooth, you've constructed an elaborate strawman.

I claim the entire purpose of crypto-currency is a) permission-less commerce and b) decentralized control to prevent gaming the control over the issuance of money (so it can scale globally among other benefits).

Since I already argued that one can't mine with lower economies-of-scale without losing hash rate share over time, then the ability to mine or not mine in any specific pool is irrelevant to homeostasis of the case #b.

So that leaves us only with #a remaining as it pertains to pools.

QED.

For his original argument to hold he has to show both that the distribution-of-power outcome is different between delegates in DPoS and pools in "delegatable PoW" and that the DPoS outcome is (in some specified way) preferable.

It consumes less electricity.

Fact is that mining will become ever more centralized in Satoshi's design because of the economies-of-scale of ASICs and electrical power. I believe there was maybe even a research paper that proved something along these lines?

The fundamental problem is the mining is done for profit. For as long as that is the case, ASIC farms (or Larry Summers' 21 Inc. economies-of-scale) and subsidized, industrial/government/utility scale electricity will rule.

Also due to bandwidth issues and that every full mining node has to validate every transaction, scaling transaction volume will force centralization.

Also your argument about sacrificing cost is nonsense, because the low cost leader will take hash rate from the others over time by reinvesting higher rates of return.


Edit: Smooth has a valid point if no entity (or collusion of entities) has 51% of the hash rate because then someone could sacrifice mining losses in return for censorship resistant way to post transactions to the block chain. So in that sense, my word "nonsense" is incorrect and I apologize. But the huge glaring flaw is that once the State can regulate 51% of the mining power (which is destined to be centralized), then Smooth's caveat no longer applies. And this is my overriding concern, so that is why I often downplay this caveat that smooth points out.

Edit#2: however if hashrate is very large then smooth's caveat is really pointless because who has enough hash rate to push their transaction onto to the block chain without a pool. And again Satoshi's design doesn't enforce that pools must allow getblocktemplate. If your hashrate is not too small, you can just mine on any pool that offers getblocktemplate and wait a long time until you win a block solution to insert your transaction, or just mine a long time solo. Many could potentially join together to pool their resources to mine at a loss to have ready access to censorship resistance, but unless you are using P2Pool (which can be attacked with share withholding attacks) then the State might target your pool server (but again I think it is easier for them to just target 51% of the hash rate for regulation requiring all transactions to carry KYC, since you might place your server behind an anonymity network although this will be very difficult to do in Satoshi's design because of the bandwidth requirements).

[sidhujag]

Consider the analogy of a parking garage in a very convenient location (say right next to a popular theater) when there is free parking available a short to moderate distance away compared to the situation with the same garage but no free parking available at all. In the first case, the garage may charge only a nominal fee and nearly everyone (or conceivably everyone) might pay it for more convenient access to the theater. In the second case, the garage will charge the maximum fee possible until people stop going to the theater at all.

Except as your analogy applies to Satoshi's proof-of-work design, then the free parking is not accessible by anyone who has a car because it is on the top of a skyscraper[1]. The only people who can access this free parking must either have a helicopter or they must pool their resources to buy one.

You are confusing miners and users. Perhaps they could be the same, but they need not be. (Indeed satoshi's original design more explicitly divides the two than current thinking among many prominent Bitcoin developers.)

r0ach's claim was that pooling of mining in practice makes the consensus system of Bitcoin inherently delegated, but that is false because miners need not pool, and certainly need not pool with one of a fixed set or even a fixed-size set of pools. Thus this is different in structure from a system where delegation is required. (It is true if you posit that Bitcoin will certainly be 51% attacked, as I think you believe but can't prove, and turned into a centrally-controlled system instead, where pools or whatever they are they are called in that outcome enforce membership, but then why bother with the delegation argument, just show that this is certainly true and prove Bitcoin useless unconditionally.)

I specifically doubt that the outcomes will be the same in a system with permitted delegation to an open set of delegates (pools) as opposed to a system with required delegation to a fixed size set of delegates. But if r0ach wants to try to prove the same outcome in his war game model, he is welcome to do so, and I will read his proof with interest. Unfortunately if he does that, then he will show no advantage to DPoS over PoW, which undermines his original argument.

For his original argument to hold he has to show both that the distribution-of-power outcome is different between delegates in DPoS and pools in "delegatable PoW" and that the DPoS outcome is (in some specified way) preferable.

Voting makes dpos preferable

[smooth]

It consumes less electricity.

Miners or delegates or validators or whatever will expend resources only to the extent justified by transaction processing profit margin, which delegates in DPoS will also do. In fact DPoS may well have high profit margins because the number of delegates is fixed, making it a closed market.

So perhaps less electricity, but if so then more resources expended on something else (politics most likely).

(This assumes that the coin distribution phase of Bitcoin is over or insignificant, which must be done to meaningfully compare with DPoS since DPoS is incapable of distributing coins at all.)

Since I already argued that one can't mine with lower economies-of-scale without losing hash rate share over time

I don't agree with your argument that your argument is conclusive. You need to show that economies of scale are net positive at the economically relevant scale, which depends greatly on many undetermined factors.

[sidhujag]

It consumes less electricity.

Miners or delegates or validators or whatever will expend resources only to the extent justified by transaction processing profit margin, which delegates in DPoS will also do. In fact DPoS may well have high profit margins because the number of delegates is fixed, making it a closed market.

So perhaps less electricity, but if so then more resources expended on something else (politics most likely).

(This assumes that the coin distribution phase of Bitcoin is over or insignificant, which must be done to meaningfully compare with DPoS since DPoS is incapable of distributing coins at all.)

Since I already argued that one can't mine with lower economies-of-scale without losing hash rate share over time

I don't agree with your argument that your argument is conclusive. You need to show that economies of scale are net positive at the economically relevant scale, which depends greatly on many undetermined factors.

The number of delegates won't be fixed.. Hence why I posted about the n delegate model and how it prevents top down corrupt entities from retaining control within the voting framework. N is determined dynamically in the same way. I believe min is 101 and there is a max number that isn't outrageous.

[smooth]

The number of delegates won't be fixed.. Hence why I posted about the n delegate model and how it prevents top down corrupt entities from retaining control within the voting framework. N is determined dynamically in the same way. I believe min is 101 and there is a max number that isn't outrageous.

You are correct (I didn't understand your earlier post), the number of delegates is set by stake holder voting, and I haven't analyzed the effect of that structure. As TPTB says, as these systems get more complex the game theory becomes increasingly impractical to analyze.

At first glance it seems dangerous to me since a large malicious stakeholder now has an additional degree of freedom, namely "pack the court" (or perhaps, depending on the specific voting rules, blocking an increase supported by others). But as I said it is extremely difficulty to analyze.

Anyway, this is irrelevant to the question whether it is proper to consider Bitcoin as "Delegated PoW" just because right now, in 2015, most miners happen to delegate. But honestly is that even true by hash rate?

Of the large "pools" Ant, Bitfury, KnC, 21, and maybe some others are certainly running a lot of their own mining gear (though these pools may have independent miners too, in unknown amounts). That's concentrated mining power for sure, but it's not really delegated.

[TPTB_need_war]

I had gone into elaborate analysis as to why proof-of-stake and reputation based systems are inherently centralizing.

Proof-of-work has the potential be an unbounded entropy (i.e. effectively random and not gameable) up to 25 - 51% (25 - 33% for selfish mining) concentrated control of the hash rate. That is where I agree with smooth's caveat, except if permission-less commerce is the goal even that caveat has another caveat which is you've still got to find sufficient hash rate to push your transaction through without KYC if 51% of the hash rate is regulated for KYC.

The poll lacks a choice for "no proof-of-stake system will win".

Proof-of-stake will never remain decentralized:

https://bitcointalk.org/index.php?topic=558316.msg6501774#msg6501774

Send all proof-of-stake currencies to the trashcan.

It is time to squash Proof-of-Stake once and for all. It can NEVER remain decentralized. Satoshi's Proof-of-Work is the only known solution to the Byzantine General's Problem (was a known unsolved problem since at least the 1970s).

Apologies I've been busy and hadn't had time to squash bytemaster's latest N.A.O.D. (nonsense algorithm of the day).

First of all, he never was able to address the issues I raised about Transactions as Proof-of-Stake quoted as follows.

This proposal appears to be flawed, unless I am missing something. I have only read the first 4 pages thus far.

1. You propose to decrease the coin rewards as coin-days-destroyed volume increases, so this makes it less costly for an attacker to obtain > 50% of the hash rate assuming the attacker includes all the transactions. You apparently are attempting to imply there is no useful attack to do if the attacker is including the most coin-days-destroyed? Please confirm or deny then I will dig into more analysis of this vector.

2. Also how do you choose between someone who generates a proof-of-work hash with lower coin-days-destroyed several times sooner than the network propagation delay versus another who generates it that much delayed with a higher coin-days-destroyed? If you choose the latter, then you've killed the proof-of-work incentive because it means it will always pay to be later and wait for more transactions to arrive.

3. You claim to defeat my Transactions Withholding Attack, by blacklisting those who send blocks with transactions that were not recently seen by all miners. I retorted against this recently. This centralizes the network (all for one and one for all outcome) by requiring every miner to be responsible for the incoming network connectivity of other miners. And it centralizes the network in other ways, such it can't tolerate a temporary partitioning of the network due to connectivity outages.

P.S. By coin-days-destroyed, I assume you mean coin value x days, otherwise you would motivate proliferation of dust.

The most significant flaw of any proof-of-stake system and any system that diminishes coin rewards, is it can't distribute currency from the hoarders to the users of the currency, thus it will end up with the hoarders (the banksters) accumulating all the coin and the currency usage dying.

This is because the wealthy spend a much lower % of their net worth than the masses do.

[snip]

Whereas those who actually mine are proactively using their time, ingenuity, initiative and capital to secure the network, thus it seems more capitalistic they should receive the redistribution from the hoarders. Besides it may beis the only viableplausible way to secure the public ledger.

The other attacks you describe all derive from the fundamental reason I declared all non-proof-of-work systems to be insecure back in April.

My logic was mathematically fundamental. The input entropy set is quite deterministic and well known and thus can be preimaged. For example, accumulating a lot of coin-days-destroyed and then targeting them in clever ways to subvert the security.

The randomness (entropy) of each proof-of-work is fundamental and mathematical and it can not be preimaged. It can only be surely defeated with > 50% of the network hash rate. Note I recently offered what I believe to a solution to the selfish-mining attack (the one at hackingdistributed.com that claims 25 - 35% attack).

I am skeptical that you can characterize all possible attack vectors of proof-of-stake in one coherent mathematical proof. Thus you will not know formally what the security is; instead a list of adhoc attacks and counter-measures.

[snip]

Edit: Perhaps coin-days-destroyed in some attack vectors motivates not transacting for long periods of time.

The bottom line is that no proof-of-stake system can ever remain decentralized.

They all will require some sort of delegation of reputation to achieve consensus. I would have to go through a laundry list of examples to cover all the cases. For example, in Transactions as Proof-of-Stake it is required to delegate trust of propagation to the other nodes as I explained above. Thus there needs to be some reputation system to enforce this, e.g. blacklisting, whitelisting, etc.. All the other proof-of-stake systems have a requirement for some form of delegated reputation.

I have many times explained to bytemaster and others the fundamental problem is that any system that attempts to replace proof-of-work will rely on some form of reputation, and reputation is centralization. And centralization is precisely what decentralized crypto-currency is not supposed to be because centralization will always end up control and manipulated (i.e. it is a fiat system).

Trust is orthogonal to reputation and centralization. I can trust Proof-of-Work, which is decentralized trust without reputation. Reputation isn't needed in Proof-of-Work, because the input entropy is fresh (can't be preimaged) on every new TB.

You can 75% attack it if you like, but your nodes wont have any trust, so that block chain will just be ignored.

(In any non-Proof-of-Work design, ) It is mathematically impossible for there to be external consensus trust of the honest chain if the dishonest chain is controlled by more than 51% of the peers. We've covered some of the scenarios upthread, and it always boils down to that the external viewers can not know who to trust except by trusting the majority of peers.

The only mathematical way around this is to centralize the network, by placing more trust in some peers than others over time.

Indeed long-term reputation is a mathematically viable alternative to Proof-of-Work. This is centralization. There are tradeoffs.

So this is not "7 billion individually watching the network", but rather a fewer # of peers with reputation being trusted. This is just the political power vacuum all over again with its contingent problems of vested interests Olsen power scramble:

https://bitcointalk.org/index.php?topic=226033 (No Money Exists Without the Majority)

Notwithstanding the above, any non-Proof-of-Work system can be attacked with much less than 51% of the peers, due to the fact that the input entropy is preimageable, as I explained upthread. Again the only way to work around this is to trust some established peers to guard against this.

Financial transactions must be recorded in a public or private ledger trusted by both the spender and the recipient, otherwise funds could be unspent or double-spent to a plurality of recipients. To provide a ledger that can't be captured, Satoshi described a proof-of-work (PoW) scheme where transaction peers communicating over the network compete to be the first to solve a computational puzzle which is unique for each block of transactions added to a public ledger. The security of this ledger against double-spends has three (3) essential requirements.

1. The computational puzzle can't be preimaged, i.e. nothing can be known about solving the puzzle until the prior block's puzzle is solved.

2. Without at least 50% of the aggregate computational power of all transaction peers, it is not possible to create a modified chain of blocks starting from any present or past block, which would contain more blocks than the block chain controlled by the remaining cooperating peers. Thus the longer chain is trusted.

3. The block chain is cryptographically linked in forward order, such that the historical proof-of-work and transactions can be independently verified at any time in the future. Thus the transaction peers may leave and rejoin the network at will without need for a trusted centralized storage.

Note security point #1 eliminates from consideration PoW schemes in which the puzzle is some real-world computational work because the puzzles are known a priori and are thus pre-imageable. Non-PoW voting and membership schemes disqualify because the ordering of designation of authority (to decide which transactions are in each block) to transaction peers is pre-imageable, or requires peers trusted by reputation which is centralizing on a slippery slope towards Olsen capture.

You must also consider the negative impacts of design features when you state the positive impacts.

Reputation has many downsides:

a. It can be stolen, e.g. threaten first to extort private key, then kill, and keep key.
b. Censorship based on metadata which doesn't always correlate rationally.
c. Discriminate against early adopters out of jealously, i.e. retribution for #b.
d. Regulatory authorities can require the BitName same as they now do Social Security # and Id. They can now establish the BitName is real, because it has (duration) reputation.

The high cost to transfer or revoke a name also has many downsides, e.g. see #d.

I thinking the pool operator (server) does so little relative to work of the pool miners that it doesn't need to charge a very high fee. Thus there isn't much ability (incentive for pool miners) to undercut competitors based on fee.

So there just needs to be a slightest incentive to encourage pool miners to seek out another pool as a pool grows large. This will encourage a poliferation of pools.

How do pool miners know that a pool server isn't cheating them by paying some of the earnings to themselves pretending to be a pool miner?

Go down that line of thought and you will discover what I am thinking.

The only way you can prove a pool isn't cheating is by estimating the hash rate of the pool and comparing it to the number of blocks found.  Unfortunately, you could probably still skim a couple of a percent this way.

Modern protocols (GBT & Stratum) both have the full coinbase transaction visible to the miners, meaning you can verify that the block being built will be paid to a certain address or has a certain message encoded in the block that identifies the pool.  This allows you to audit if the pool is trying to skim blocks if certain users start seeing work without a coinbase message that identifies the pool.  In the case of BTC Guild, it's both, they always pay to the same address and always include "Mined by BTC Guild" in the coinbase message.

It's not no-trust, but all it would take is a few % of users monitoring this to determine if a pool was trying to skim blocks by sending a certain % of work that doesn't include identifying marks.

How could anything less than 100% of the pool miners know if some of the coinbase transactions were to addresses not owned by pool miners who contributed shares?

Since you can never know if you are the 100% (because mining pool shares* are not recorded in the block chain), thus seems to me there is no way to verify if there is skimming or not, as bytemaster and I wrote.

*For those who don't know the terminology, a pool share is a proof-of-work hash below some threshold that is easier than the current network difficulty. It might also be a block solution.

Why don't you just use P2Pool? Is there any reason?

I was waiting for bytemaster to answer because I wanted to know his thoughts. Seems to me that you have no way to stop the Share Withholding Attack since it is decentralized. And every peer has to run more of a full client if I am not mistake. And there is a lot more overhead I believe. And perhaps also much less resistance against denial-of-service flooding. Frankly I didn't analyze for long enough to be very sure of my initial intuition which is to stay away from it.

I know it is generally impossible to enforce reputation on a 100% decentralized system. So I am intuitively skeptical of P2Pool.

P.S. I won't have time to go back here and debate. I am technically qualified and I am 100% sure I am correct.

[TPTB_need_war]

It consumes less electricity.

Miners or delegates or validators or whatever will expend resources only to the extent justified by transaction processing profit margin, which delegates in DPoS will also do. In fact DPoS may well have high profit margins because the number of delegates is fixed, making it a closed market.

So perhaps less electricity, but if so then more resources expended on something else (politics most likely).

(This assumes that the coin distribution phase of Bitcoin is over or insignificant, which must be done to meaningfully compare with DPoS since DPoS is incapable of distributing coins at all.)

Thus as I pointed out in 2013, a very high incentive exists to centralize mining, because transactions fees are a Tragedy of the Commons. We keep coming back to the research I did in 2013. I had already figured all this stuff out back then.

I had even pointed out the block size issue back in 2013, which is now the raging problem today with BitcoinXT alias GavinCoin.

Since I already argued that one can't mine with lower economies-of-scale without losing hash rate share over time

I don't agree with your argument that your argument is conclusive. You need to show that economies of scale are net positive at the economically relevant scale, which depends greatly on many undetermined factors.

I don't understand why you argue that economies-of-scale could be anything other than net positive at increasing scale? Afaics, the only way that wouldn't be true is if mining is not profitable any scale (which is what I hope to achieve in my design).

Also how will you compete as a miner against a increasingly globalized government cooperation which will spend up to 17-18% of the global economy perpetually (the Laffer limit for taxation) to insure it can tax the crypto-currency economy? The government can subsidize miners who comply with demands to censor transactions which do not have KYC, so that they government is not rendered extinct by tax avoidance.

Besides the government can leverage up that 17% homeostatic rate of healthy taxation by using regulation of ISPs.

[smooth]

I had gone into elaborate analysis as to why proof-of-stake and reputation based systems are inherently centralizing.

Proof-of-work has the potential be an unbounded entropy (i.e. effectively random and not gameable) up to 25 - 51% (25 - 33% for selfish mining) concentrated control of the hash rate. That is where I agree with smooth's caveat, except if permission-less commerce is the goal even that caveat has another caveat which is you've still got to find sufficient hash rate to push your transaction through without KYC if 51% of the hash rate is regulated for KYC.

You can't push anything through period if 51% is regulated because that 51% will reject unapproved (not signed with a MSB license number) blocks. That's the 51% attack right there.

Without that issue, I contend that owning the hash rate yourself is not really necessary to push the transaction through yourself because as long as the system is permissionless you can always find someone to push it through for you for a fee. Anywhere you go in the world, even under the most authoritarian regimes, you can always find a black market if you look for it. Thus such oppression really becomes a question of how much it costs to push a transaction through, not whether you can do it at all.

Going back to the original case, Bitcoin's security model simply does not work at all if 51% (really >50%, or >25% or >33% or really even a moderately-large smaller share that could easily collude with some other moderately-large smaller share to form such a bloc) of the hash rate is attacking it. It can be a temporary condition though, where users can just sit on their keys and wait it out, like a hurricane. Whether that is effective is a complex political game theory question that you probably agree we can't really answer and is best avoided altogether if you want any kind of strong security model. That requires either a fundamentally different system or a much better distribution of mining than exists today.

[TPTB_need_war]

I had gone into elaborate analysis as to why proof-of-stake and reputation based systems are inherently centralizing.

Proof-of-work has the potential be an unbounded entropy (i.e. effectively random and not gameable) up to 25 - 51% (25 - 33% for selfish mining) concentrated control of the hash rate. That is where I agree with smooth's caveat, except if permission-less commerce is the goal even that caveat has another caveat which is you've still got to find sufficient hash rate to push your transaction through without KYC if 51% of the hash rate is regulated for KYC.

You can't push anything through period if 51% is regulated because that 51% will reject unapproved (not signed with a MSB license number) blocks. That's the 51% attack right there.

I wrote if that if the 51% is regulated to require KYC meaning on the transactions in the blocks those miners/pools create. I didn't write that the regulation forced them to also hard fork the chain protocol and reject blocks that don't have KYC along with transaction in the blocks produced by the other 49%. Indeed it is probably likely that if regulation requires the former, then it might require the latter, but as you like to always say "not necessarily so". You see a hard fork might be more difficult political quagmire, so I think my distinction was apropos.

Without that issue, I contend that owning the hash rate yourself is not really necessary to push the transaction through yourself because as long as the system is permissionless you can always find someone to push it through for you for a fee. Anywhere you go in the world, even under the most authoritarian regimes, you can always find a black market if you look for it. Thus such oppression really becomes a question of how much it costs to push a transaction through, not whether you can do it at all.

With that attitude I can see why Monero has gone no where fast. The velocity of money collapses in your solution.

I have a much more superior solution than that! I wouldn't tolerate a solution that forces people to enter the underworld just send a transaction.

Going back to the original case, Bitcoin's security model simply does not work at all if 51% (really >50%, or >25% or >33% or really even a moderately-large smaller share that could easily collude with some other moderately-large smaller share to form such a bloc) of the hash rate is attacking it.

Yeah Bitcoin is dead in the water. Any thing new to say?

It can be a temporary condition though, where users can just sit on their keys and wait it out, like a hurricane. Whether that is effective is a complex political game theory question that you probably agree we can't really answer and is best avoided altogether if you want any kind of strong security model. That requires either a fundamentally different system or a much better distribution of mining than exists today.

Yadayada.

[BillyBobZorton]

It was predicted in the early days by Satoshi that mining would end up somewhat centralized, he specifically mentioned "specialized" which basically means centralized. This is why keeping nodes decentralized is the way to go, and this is why we need to avoid things like Bitcoin XT like the plague. Dont want to end up with both centralized mining and centralized nodes, thats the end of Bitcoin basically.

[BitDreams]

Proof of Domination.

[delulo]

It was predicted in the early days by Satoshi that mining would end up somewhat centralized, he specifically mentioned "specialized" which basically means centralized. This is why keeping nodes decentralized is the way to go, and this is why we need to avoid things like Bitcoin XT like the plague. Dont want to end up with both centralized mining and centralized nodes, thats the end of Bitcoin basically.

Nodes only help with redundancy not with security (against tx history reversing) so node decentralization doesntmean anything and is easy to achieve.