Bitcoin Forum
October 14, 2024, 09:34:47 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Proof of burn - a potential alternative to proof of work and proof of stake  (Read 9080 times)
iain (OP)
Jr. Member
*
Offline Offline

Activity: 33
Merit: 7



View Profile WWW
December 17, 2012, 12:32:56 AM
Merited by muf18 (5), d5000 (1), nutildah (1)
 #1

Readers of this section of the forum may be interested in my proposal for a new core mining protocol for cryptocurrency, "proof of burn" - a potential alternative to proof of work and proof of stake (though perhaps closer in spirit to the latter), with many interesting properties and economic consequences.

        https://en.bitcoin.it/wiki/Proof_of_burn

Comments and feedback welcome.
ripper234
Legendary
*
Offline Offline

Activity: 1358
Merit: 1003


Ron Gross


View Profile WWW
December 17, 2012, 01:08:03 AM
 #2

1. Interesting

2. Should be moved to the alt currencies forum.

3. Can you tl;dr the benefits over proof of stake?

4. The idea of "Coin-burning as a tool for transition between cryptocurrencies" first appeared, I believe, in the so called "Dacoinminster' Second Bitcoin Whitepaper". If you borrowed the idea from there, credit and reference is due. In fact, I think you should refer to it regardless.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
iain (OP)
Jr. Member
*
Offline Offline

Activity: 33
Merit: 7



View Profile WWW
December 17, 2012, 04:16:49 AM
 #3

1. Interesting

2. Should be moved to the alt currencies forum.

3. Can you tl;dr the benefits over proof of stake?

4. The idea of "Coin-burning as a tool for transition between cryptocurrencies" first appeared, I believe, in the so called "Dacoinminster' Second Bitcoin Whitepaper". If you borrowed the idea from there, credit and reference is due. In fact, I think you should refer to it regardless.

Re comparison with proof of stake: I've posted a brief overview of the economic implications of switching to proof of burn on Peter Šurda's "Economics of Bitcoin" blog. Basically it turns coin-holders into de facto shareholders in the future stream of fees (minus miners' supporting costs) - just like proof of stake does - but with the interesting extra feature that the coin-holders don't have to become miners to realise their share of these "de facto dividends". (Of course, that could be argued to have its downside - less incentive to become a miner perhaps? - but the potential upside is a really solid strengthening of the coin's value, helping make various attacks more expensive all round.)

Re the earlier work: no, I hadn't come across that, thanks for the reference to it! I've added a link to it on the Wiki page - though I do warn readers that the earlier work is of a centralised nature (the "trusted entity" business), and not directly comparable to decentralised proof-of-burn mining. But yes, it's still interesting that coin-burning was "in the ideasphere" already!
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1010



View Profile
December 17, 2012, 05:46:56 AM
 #4

I have a few problems with this proposal

1)  I'm not convinced that producing a script that is always false, that hashes out to a previously used address, qualifies as proof that said address doesn't also have an honest private key.  What is to prevent any miner who has successfully mined a block in the past, to brute force a false script that produces the same hash address?  This would certainly be easier than trying to force a key-pair collision, as the script doesn't have to fit into a pre-determined key length, and just about any false script should qualify, would it not?  Brute forcing all the txout's in the block that you have already found, and finding even one match, gives that miner unearned advantages while not preventing said txout from being respent anyway.

2)  Assuming this does work as well as intended, the net result is that the block reward is simply lower, so isn't it just an auction for the cheapest miner willing to do the work?

3)  The precise number of coins in present circulation cannot be determined, but this might also be true with PoW if we consider the unknown number of lost private keys.

4)  The very real expenditure of resources prohibits the attacker who is otherwise willing to deliberately accumulate coins in order to destroy the currency.  Basicly, methods such as PoS and PoB create a potential attack vector that PoW doesn't suffer from; the case of a long trustworthy node turning to the dark side, for whatever reason.  A 51% brute force attack is just as costly for any attacker, no matter who, when or why they choose to attack.  The other methods elevate certain players into a 'trusted node' status, by different methods, and could provide an attacker leverage by only compromising the security model of a major trusted node first.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
December 17, 2012, 10:50:36 AM
 #5

The angle I like on this is not a PoB system exactly, but a PoB method of transfer to a new crypto-currency. It allows for gradual and voluntary transition to a system with incompatible rules. I think if a better system than bitcoin was devised a PoB bridge could save it years of bootstrapping.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Sergio_Demian_Lerner
Hero Member
*****
Offline Offline

Activity: 555
Merit: 654


View Profile WWW
December 17, 2012, 02:27:21 PM
 #6

Interesting...

What if the coin get stuck in a time where nobody has burn enough coins in the past two months?

No new block will appear, and there will be no re-calculation of the target price. Also there will be no more coins burnt since no new block is holding the transaction where coins are burnt.

Wouldn't that be kind of deadlock ?
cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
December 17, 2012, 03:42:45 PM
 #7

Instead of putting in lottery data, why not ask the miner's to submit the randomness, i.e. the miners submit a 0 or 1 with each block? The aggregation of these 0s and 1s is a source of "randomness". I don't think you could do much to help yourself with just a 0 or a 1. On the other hand, the aggregation of a long series of 0s and 1s will be unpredictable unless the chain is already under the control of a single agent.
Sergio_Demian_Lerner
Hero Member
*****
Offline Offline

Activity: 555
Merit: 654


View Profile WWW
December 17, 2012, 03:57:52 PM
 #8

I proposing an alternative to PoBurn that does not require a random source.
I'm posting it in a new thread. Check https://bitcointalk.org/index.php?topic=131230.0
Sergio_Demian_Lerner
Hero Member
*****
Offline Offline

Activity: 555
Merit: 654


View Profile WWW
December 17, 2012, 07:29:50 PM
 #9

Can you use Bitcoin block hashes as a source of randomness ?
If Bitcoin is secure, then Burncoin will be, without the need for merged mining.

cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
December 18, 2012, 01:16:24 AM
 #10

Question: Are the "simulated GPUs permanent?", i.e. once I create one and wait the two months can it continue mining bitcoins forever (with hashing power proportional to its initial burn)?

If not, then I think this proposal is going to be extremely insecure relative to PoS and/or PoW. If the burn is transient, then the security device is equivalent to GPUs that self-destruct after a certain amount of time has gone by. That is bad. If the lifespan of the simulated rigs is short, then double-spending attacks will be exceptionally cheap.

If the burn is permanent, then you are essentially selling something like dilutable shares in the discounted present value of all future txn fees. To attack this, you would need to burn more than the sum total of all past burns. That would like be a significant proportion of all total coins. There is also the nice property here that attack costs increase monotonically over time (ignoring careless loss of simulated rigs by participants). I don't think this will be as secure as PoS, but it seems secure enough and there appear to be general benefits in terms of accelerated deflation. The permanent burn seems like a good approach to me.

I am not happy with your solution to the randomness problem. I don't think there should be any external dependencies. Just ask anyone who mines a block to submit 1 byte of randomness. I think that will work fine. It is impossible to manipulate the future any meaningful degree with just one byte of randomness. However, block sequences generate a very large amount of randomness, so future behavior over a time scale longer than a few hours is completely unpredictable.






TierNolan
Legendary
*
Offline Offline

Activity: 1232
Merit: 1104


View Profile
February 09, 2013, 04:05:52 PM
 #11

Why do you need the external randomness?

Couldn't you just have the "simulated rig" generate a lowest hash each second of

Hash(<Rig-Id>, new block-id, t) / (number of burnt coins)

where t is the timestamp in the header.

The Rig-Id would be selected by the buyer when burning the coins/buying the rig.  There would be a rule that duplicate seeds are not allowed.

If there are 2 chains with the same psuedo-proof of work, the one with the earliest timestamp at the fork would win.

The decay in power of the rigs is a good plan.  However, if the currency deflates, then buying later would effectively be cheaper, so maybe not necessary.

I wonder if it using the number of coins burned over time could be used to measure deflation.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
Altoidnerd
Sr. Member
****
Offline Offline

Activity: 406
Merit: 251


http://altoidnerd.com


View Profile WWW
January 11, 2014, 04:20:07 AM
 #12

I'm trying to understand this transaction.

https://blockchain.info/tx/8e08bfdf208f0e2659615ab035523c792d41d808c698d25eb12489c74c78fc80

Do you even mine?
http://altoidnerd.com 
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ
mtbitcoin
Legendary
*
Offline Offline

Activity: 876
Merit: 1000


Etherscan.io


View Profile
January 11, 2014, 06:29:52 AM
 #13


These are the burns (POB) for Counterparty

See https://bitcointalk.org/index.php?topic=395761.0

Cheers

EtherScan::Ethereum Block Explorer | BlockScan::Coming Soon
Altoidnerd
Sr. Member
****
Offline Offline

Activity: 406
Merit: 251


http://altoidnerd.com


View Profile WWW
January 11, 2014, 07:00:56 AM
 #14


Thanks for the link the the ANN.

Do you even mine?
http://altoidnerd.com 
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ
wiggi
Sr. Member
****
Offline Offline

Activity: 403
Merit: 251


View Profile
January 13, 2014, 01:54:53 PM
 #15

The angle I like on this is not a PoB system exactly, but a PoB method of transfer to a new crypto-currency. It allows for gradual and voluntary transition to a system with incompatible rules. I think if a better system than bitcoin was devised a PoB bridge could save it years of bootstrapping.
It allows for voluntary transition to a new system, but isn't it a waste of BTC?
I.e. if you have 2 new systems with incompatible rules, one requires PoB and the other just "Proof of Ownership",
otherwise they are identical, I don't see the reason why the PoB version would have higher market value, except "people
made sacrifices for it, therefore it must be valuable".
520Bit
Sr. Member
****
Offline Offline

Activity: 602
Merit: 252



View Profile
January 26, 2014, 02:53:11 AM
 #16


But why it showed that 'Unable to decode input address' in the block chain? It is strange!
520Bit
Sr. Member
****
Offline Offline

Activity: 602
Merit: 252



View Profile
February 06, 2014, 04:18:03 AM
 #17

The concept was proposed in 2012, then the Counterparty team put the PoB to reality now.

https://bitcointalk.org/index.php?topic=395761.0
RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 658


rgbkey.github.io/pgp.txt


View Profile WWW
February 06, 2014, 04:51:02 AM
 #18

Couldn't we use this to transfer from bitcoin to a stronger protocol should the need arise?
hashman
Legendary
*
Offline Offline

Activity: 1264
Merit: 1008


View Profile
February 06, 2014, 12:33:06 PM
 #19

How is burning N coin to mine a total of (coinbase + fees) M coin per block any different than mining a coin with no proof of burn required but with total reward (M-N) ? 

 
Anotheranonlol
Hero Member
*****
Offline Offline

Activity: 588
Merit: 504


View Profile
February 06, 2014, 12:51:58 PM
 #20

Couldn't we use this to transfer from bitcoin to a stronger protocol should the need arise?

Yes

How is burning N coin to mine a total of (coinbase + fees) M coin per block any different than mining a coin with no proof of burn required but with total reward (M-N) ?  

 

How would you calculate total reward? you mean - total monetary supply of M? or M used to receive N ? sry half asleep.

with counterparty it doesn't use PoW function so there would be no miners, the proof of burn (ie sending to a provably unspendable address) as distribution mechanism just ensures no single party receives a massive initial payout before anything is done, in that sense it's trustless- the developers have to have faith in the project by backing with their own funds the same as joe public

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!