DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?)

[TPTB_need_war]

Does anyone know of any proof which says that convergence can be guaranteed without a block reward? I would like to hear more detail because it's my gut feeling that it cannot.

I am working on it for a white paper.

Details are upthread.

We've covered the issues upthread, perhaps not to your satisfaction.

Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtain by increasing the number of confirmations rather than increasing the block reward.

The Nash equilibrium in an unprofitable PoW design (which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty) is that payers want their transactions to be included in the longest-chain, thus they will send their PoW shares towards confirming blocks which honor the LCR.

In my design, the amount of electricity that secures the coin is sensibly insignificant relative to the value of transactions since each transaction includes a PoW share.

[monsterer]

Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtain by increasing the number of confirmations rather than increasing the block reward.

In a system with no block reward, you can calculate the probability that an attacker can outpace the rest of the network from N blocks deficit. However, I don't see a way to put bounds on when it is safe to accept a transaction of size X as confirmed because the amount of PoW on top of any given transaction doesn't have a value which is easily observed.

(which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty)

If the block reward is unprofitable in a system with adjustable difficulty, this is not an equilibrium, so the difficulty will adjust downwards until it there is one. If your design includes other factors which you are not revealing, this may be different, but with what I know this is how I see it.

[TPTB_need_war]

Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtain by increasing the number of confirmations rather than increasing the block reward.

In a system with no block reward, you can calculate the probability that an attacker can outpace the rest of the network from N blocks deficit. However, I don't see a way to put bounds on when it is safe to accept a transaction of size X as confirmed because the amount of PoW on top of any given transaction doesn't have a value which is easily observed.

I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

(which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty)

If the block reward is unprofitable in a system with adjustable difficulty, this is not an equilibrium, so the difficulty will adjust downwards until it there is one. If your design includes other factors which you are not revealing, this may be different, but with what I know this is how I see it.

In my design every txn includes a PoW share thus difficulty will not reduce unless transactions reduce. The sender of the txn is entirely unconcerned about the cost of producing the PoW share.

The threshold of the difficulty to win a block will increase accordingly so that the block period remains constant.

[monsterer]

I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

There is, but not in a chain with blocks. You need one transaction per block for this.

edit: if you have blocks, you have to make assumptions about k in order to bound the acceptability.

[TPTB_need_war]

Summary of my design and its significance.

The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

The Byzantine Generals problem does not state "A majority of CPU power" as the problem. I already stated that is Satoshi's requirement but as the correct title of this thread points out, Satoshi's stated requirement is not a solution to the Byzantine Generals problem. Period.

One of the attack vectors in solving the Byzantine Generals is the Sybil attack. The Byzantine Generals problem is all about the need to trust that 2/3 of the generals are loyal without centralization where all generals are the same person, i.e. that there is no Sybil attack.

Anyone who has studied all the variants of consensus algorithms (as I have) will know clearly that Sybil attacks are always resolved via centralization of the protocol.

This is why as I looked for an improvement over all of what has already been tried, I was cognizant of that I would need to accept centralization in some aspect and so I began to look for the possibility of controlling centralization with decentralization, i.e. a separation of orthogonal concerns which is often how paradigm shifts arise to  solve intractable design challenges.

Every consensus design creates centralization. This will always be unavoidable due to the CAP theorem. The key in my mind is to select carefully where that centralization should be.

• Satoshi's PoW consensus design centralizes because a) SHA256 has orders-of-magnitude lower electrical cost on ASICs, b) full nodes must centralize (maximize pooled hashrate) to win the battle over who will have the most profitable verification costs (which can be accomplished with a Sybil attack), and c) variance of block rewards require maximizing pooled hashrate (at least up to double-digit percentages and Sybil attack incentives kick in from there).
• Stellar's SCP consensus design centralizes because although it can't diverge, it requires that slices are not Sybil attacked to avoid eternal preemption (being jammed stuck forever).
• Ripple's consensus algorithm diverges unless it is centralized trust, as confirmed by Stellar's divergence before it switched to the SCP algorithm.
• Iota's (any DAG's) consensus diverges unless centralization can force the mathematical model that payers and recipients encode in their interaction with the system.
• Ethereum never solved the issue that verification of long running scripts can't be decentralized. They are now off another deadend tangent (consensus-by-betting, Casper, shards) trying to deny the CAP theorem.
• PoS is centralization.

Extracting the generative essence of an issue is what I do. That is where I have made my career in the past and will do so again.

[TPTB_need_war]

Bitcoin didn't solve BGP either. Nothing does because...

What you keep denying is that there are solutions (all solutions, and provably so in the case of BGP) that solve the problem within a specified range. Generally up to 33%-of-generals in the case of BGP and maybe 50%-of-hash rate for Bitcoin.

ASIC-resistant PoW seems like a delightful idea to me.  Is memory latency the barrier to stand upon for the ages?  Hmm, that sounds familiar.

Of course no PoW proving algorithm (of any design) can be as efficient on less optimized consumer hardware and retail electricity (10 - 20 cents per KWH) as compared to highly optimized ASIC mining farms on 0 - 4 cents per KWH electricity (hydropower colocated or China's collectivized corruption). Even distributing ASICs to consumers won't level the playing field and not only because of differences in electricity costs, yet also due to economies-of-scale, access to lower interest loans, better connectivity to the major pools of the P2P announcement network, amortization of block chain verification over great income, etc..

Profitable PoW will always centralize, because there is a "selfish mining" attack always ongoing and there is no such thing as a minimum requirement for 25 or 33% of the hashrate, because (a conceptual variant of) "selfish mining" is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

That is why I designed an UNprofitable PoW system. There is no other hope.

Edit: the reason I am interested in narrowing the margin between PoW prover computation on consumer hardware and mining farms, is because in an UNprofitable mining design then the aforementioned ratio dictates from the ratio of UNprofitable hashrate to profitable hashrate determines how high that block reward can be and not be profitable to any miner. Obviously a coinbase reward of 0 is always UNprofitable (unless transaction fees are considered which is another detail I covered in the Decentralization thread).

[Come-from-Beyond]

ASIC-resistant PoW seems like a delightful idea to me.  Is memory latency the barrier to stand upon for the ages?  Hmm, that sounds familiar.

Of course no PoW proving algorithm (of any design) can be as efficient on less optimized consumer hardware and retail electricity (10 - 20 cents per KWH) as compared to highly optimized ASIC mining farms on 0 - 4 cents per KWH electricity (hydropower colocated or China's collectivized corruption). Even distributing ASICs to consumers won't level the playing field and not only because of differences in electricity costs, yet also due to economies-of-scale, access to lower interest loans, better connectivity to the major pools of the P2P announcement network, amortization of block chain verification over great income, etc..

Profitable PoW will always centralize, and there is a selfish mining attack always going on and there is no such thing as a requirement for 25 or 33% of the hashrate, because the selfish mining is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

That is why I designed an UNprofitable PoW system. There is no other hope.

Memory latency barrier can't protect against those who implement mining algorithm in another kind of architecture. Von Neumann/Harvard architecture is not the only way. For example, artificial neural networks can do even super-Turing computations and they don't have von Neumann bottleneck problem.

[TPTB_need_war]

Iota has unprofitable mining so one could say I took that idea from Iota (although I had the idea for a while now, but I won't deny that Iota focused me to concentrate on it again when I started this thread). Also from Iota (and a bit from Dash Evolution but I was already working on this design I just was able to merge some ideas together to jump some hurdles) my design inherents some aspects of a DAG but the partitions are intra-block and are forced to converge at each block announcement.

Note I am not 100% sure (yet) I don't have a flaw in my contemplated design. I need to go quiet to work through all the details of that and a zillion other TODO.

P.S. readers wondering what happened, I took CfB off Ignore due to a civil discussion we had in another thread.

[LucyLovesCrypto]

Iota has unprofitable mining so one could say I took that idea from Iota (although I had the idea for a while now, but I won't deny that Iota focused me to concentrate on it again when I started this thread). Also from Iota (and a bit from Dash Evolution but I was already working on this design I just was able to merge some ideas together to jump some hurdles) my design inherents some aspects of a DAG but the partitions are intra-block and are forced to converge at each block announcement.

P.S. readers wondering what happened, I took CfB off Ignore due to a civil discussion we had in another thread.

How many hours a day do you spend reading and posting on this forum? I like reading your posts but I wonder if spending that much time here is in your self interest.

If you could spend more of your time coding and launch it I think you would find a lot of support. Sometime in 2016 I would love to see a production ready solution of yours that addresses the incentive, security and decentralization topics you discuss.

[TPTB_need_war]

If you could spend more of your time coding...

Agreed I am really trying to wrap it up here in the forum. I think it is important to make it clear about the centralization problem. Thank you. (yes I waste too much time in the forum)

Bitcoin didn't solve BGP either. Nothing does because...

What you keep denying is that there are solutions (all solutions, and provably so in the case of BGP) that solve the problem within a specified range. Generally up to 33%-of-generals in the case of BGP and maybe 50%-of-hash rate for Bitcoin.

... amortization of block chain verification over great income...

Profitable PoW will always centralize, because there is a "selfish mining" attack always ongoing and there is no such thing as a minimum requirement for 25 or 33% of the hashrate, because (a conceptual variant of) "selfish mining" is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

I explained upthread the Tragedy of the Commons (not just in the quote above) that the miner with more hashrate wins more of the blocks thus has a greater income yet all miners have to do the same verification (of all transactions). Thus, (and most certainly egregious as the transaction rate scales to Visa scale and block rewards decline to 0 with transaction fees declining to costs in a non-oligarchy free market), the miners possessing greater hashrate will have a much higher profit (regardless whether their mining hardware is more efficient or their electricity is less expensive) because their transaction verification costs are amortized across all their income. Thus Bitcoin is always reducing miners with lower hashrate's relative capital (to purchase more hashrate) relative to those with higher hashrate (all other factors held constant, which is the same stipulation that must be made in the case of the selfish mining attack).

The official selfish mining attack applies when the attacker has 33% of the hashrate (or 25% with better propagation) is one where block solutions are withheld while the attack remains 1 block ahead of the rest of the network and then propagated immediately if the network catches up, thus mathematically/statistically forcing the rest of the network to waste some of their mining hashrate relative to the selfish miner (and do note all miners waste some hashrate due to the natural orphan rate caused by the ratio of propagation to block period but selfish mining is to the advantage of the selfish miner).

So when I wrote that the inequality between block mining income and verification costs (a.k.a. amortization of verification costs Tragedy of the Commons) is another form of "selfish mining", I mean in the sense that miners with more hashrate cause those with less hashrate to be less profitable, which thus drives centralization of mining because less profitable miners can buy less hashrate relative to more profitable miners. And note there is no minimum requirement for 25% or 33% of the hashrate, as this economic attack is implicit in PoW mining. And thus just like selfish mining it will cause mining to trend towards centralized until an oligarchy can form which agrees to share (centralize) verification costs and not selfish mine each other (because the official selfish mining can be a stalemate loss for both if they both have > 25% of the mining hashrate, thus they are forced to form an oligarchy or fight to the end in a "winner take all").

For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack (but not the amortization of verification costs centralizing economics problem). But I think later I found a flaw with convergence of consensus but I forget and that detail is some where in my vaporcoin thread (in a discusssion between monsterer and myself).

Edit: one might claim that the ratio of disparity in profit is equivalent to the ratio of the hashrate and ratio of amortized verification costs (since income is proportional to hashrate if variance is not considered), thus proportional hashrate would remain unchanged and thus my claim of trending to centralization would be invalid in this case of amortized verification costs. However that would only be true if the profitability was proportional to the relative hashrate without any verification costs, which is not true due to ASIC, electrical, and other efficiencies. These other efficiencies are the fundamental issue. Then add the variance and propagation cost (wasted hashrate mining an orphan for those with lower hashrate) issues and thus pools with greater hashrate have a disproportionate profitability relative to proportional verification costs.

[monsterer]

For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack

Your proposed fix makes every double spend cost free, and the suggested countermeasures are not feasible.

[TPTB_need_war]

For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack (but not the amortization of verification costs centralizing economics problem). But I think later I found a flaw with convergence of consensus but I forget and that detail is some where in my vaporcoin thread (in a discusssion between monsterer and myself).

Your proposed fix makes every double spend cost free, and the suggested countermeasures are not feasible.

Please quote me correctly! I have corrected your quote above of myself to include what I wrote but you had not included! The underhanded, childish smear campaign needs to stop.

I am not going to rehash that proposal. I already stated that I had found a flaw in it and thus I am not pursuing. I don't think your statement is complete, but again I don't want to revisit a proposal which I am not pursuing. I lack the time.

[TPTB_need_war]

...it's security through obscurity, where the only way anyone actually knows the security of the system at any given time is for you to know the total hash rate and acquire 51% of it yourself.  I think there's a distinction to be made between provably secure, provably bad or invalid security, or in the case of Bitcoin, an unknown level of security to most or all parties at all times.

I will elaborate/reinforce on your point below...

As Smooth said, such a system can still have value.  You don't have to be a perfect system, just better or competitive with the others.

What is the value of a system that must become an oligarchy? I have better things to do with life than waste it building a copy of the Federal Reserve that is global and puts all our transactions in the clear text on the block chain.


smooth and monsterer continue to repeat over and over the claim that Satoshi's PoW design is Byzantine fault tolerant in the case that some % of the hashrate is not "faulty" (and they've proposed 33% to 51%, or even 25% in a special case of official selfish mining).

I have explained in the prior post that there is no % at which Satoshi's PoW design is not economically driven to centralize due to "selfish mining" (official and the Tragedy of the Commons case I explained).

ArticMine also pointed out in my Decentralization thread another Tragedy of the Commons  in Satoshi's PoW that is economically driven to centralization because block size can't be controlled algorithmically thus it will either be driven to a fixed size set by 51% control over mining (with infinite transaction fees a possibility due to centralized control) or to infinite block size with zero transaction fees but the latter of course will bankrupt mining so only the former can be the outcome. I then argued/showed that Monero's proposed algorithmic block size scaling feature has a mathematical flaw, thus I argued/showed it doesn't solve the issue.

I believe my contemplated decentralized UNprofitable PoW design (with intra-block partitioning and centralized verification) fixes the above problems with Satoshi's PoW design, but I need to work on it more to become more confident/certain there isn't an unacceptable flaw/tradeoff.


I am explaining to smooth and monsterer that Satoshi's PoW design has no asymptotic security because it must economically centralize. David Mazières a PhD Computer Science professor at Stanford who is the Chief Scientist at Stellar, co-authored Kademlia DHT (Distributed Hash Transform), and is an expert in this field of Byzantine fault tolerant decentralized/distributed systems has explained that Bitcoin doesn't have asymptotic security (and he argues that is because the hashrate is in control and thus there is no conclusive objectivity in the system and the entire block chain can be erased and replaced by a longer chain that comes along any time in the future).

I don't really buy into the argument that the entire block chain can be replaced; because I believe the community will create social checkpoints.

Rather my upthread argument is that Byzantine fault tolerance requires the ability to distinguish between a fault and a non-fault, because otherwise the system does not present the same symptoms to all observers (which is a requirement of Byzantine fault tolerance). Satoshi's PoW can't distinguish a fault (attack) from a non-fault (non-attack).

smooth and monsterer retort that it doesn't matter and the system is non-faulty up to some % of the hashrate being non-faulty. But again we can't detect faulty from non-faulty, so we don't know if the system is faulty or non-faulty. And I have further shown there is no % at which the system is stable and will maintain non-faulty (because trend is to centralization) indefinitely.

Whereas, all other solutions to the Byzantine fault tolerance must have an element of centralization in order to be able to distinguish faults from non-faults.

This is why I said I focused my design on including some centralization but controlling it via UNprofitable decentralization of PoW from payers. Whereas, Satoshi's PoW design lies and claims decentralization and fault tolerance, but instead has asymptotic centralization and Sybil attacked truth (because no one can prove the faults distinct from the non-faults).

Thus Satoshi's PoW is a winner take all design, not a stable Byzantine fault tolerant design which can tell us when it is limits have become faulty.

The undetectable Sybil attack on pools combined with the economic incentive to pool more hashrate to amortize verification costs and lose less hashrate on mining fewer orphans, is another example of how Satoshi's PoW design is not Byzantine fault tolerant  because observers can't all observe the same symptoms w.r.t. to faulty or non-faulty progression of the system.

One of the attack vectors in solving the Byzantine Generals is the Sybil attack. The Byzantine Generals problem is all about the need to trust that 2/3 of the generals are loyal without centralization where all generals are the same person, i.e. that there is no Sybil attack.

Anyone who has studied all the variants of consensus algorithms (as I have) will know clearly that Sybil attacks are always resolved via centralization of the protocol.

This is why as I looked for an improvement over all of what has already been tried, I was cognizant of that I would need to accept centralization in some aspect and so I began to look for the possibility of controlling centralization with decentralization, i.e. a separation of orthogonal concerns which is often how paradigm shifts arise to  solve intractable design challenges.

Every consensus design creates centralization. This will always be unavoidable due to the CAP theorem. The key in my mind is to select carefully where that centralization should be.

• Satoshi's PoW consensus design centralizes because a) SHA256 has orders-of-magnitude lower electrical cost on ASICs, b) full nodes must centralize (maximize pooled hashrate) to win the battle over who will have the most profitable verification costs (which can be accomplished with a Sybil attack), and c) variance of block rewards require maximizing pooled hashrate (at least up to double-digit percentages and Sybil attack incentives kick in from there).
• Stellar's SCP consensus design centralizes because although it can't diverge, it requires that slices are not Sybil attacked to avoid eternal preemption (being jammed stuck forever).
• Ripple's consensus algorithm diverges unless it is centralized trust, as confirmed by Stellar's divergence before it switched to the SCP algorithm.
• Iota's (any DAG's) consensus diverges unless centralization can force the mathematical model that payers and recipients encode in their interaction with the system.
• Ethereum never solved the issue that verification of long running scripts can't be decentralized. They are now off another deadend tangent (consensus-by-betting, Casper, shards) trying to deny the CAP theorem.
• PoS is centralization.

[TPTB_need_war]

I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

There is, but not in a chain with blocks. You need one transaction per block for this.

edit: if you have blocks, you have to make assumptions about k in order to bound the acceptability.

Agreed on the edit.

So we can see that profitable PoW is not bounded either if k is unbounded, but you can argue that UNprofitable PoW is not bounded at any k > 0. But the retort is that difficulty in my UNprofitable PoW design will not be limited to a difficulty which makes the cost of mining precisely equal to the block rewards, and thus the difficulty the attacker is facing is unbounded which is not the case in Satoshi's PoW design where difficulty is bounded by profitability of the marginal miners.

I asked you wait for the white paper, but there is a hint to you for you to chomp on interim time.

...the fact is the math models are often myopic[1]...

[1]

Meni Rosenfeld's myopic math, and note Meni is a widely respected academic: https://bitcointalk.org/index.php?topic=1319681.msg13633504#msg13633504 And my explanation of the myopia: https://bitcointalk.org/index.php?topic=1319681.msg13797768#msg13797768 https://bitcointalk.org/index.php?topic=1319681.msg13819991#msg13819991 https://bitcointalk.org/index.php?topic=1319681.msg13763395#msg13763395 https://bitcointalk.org/index.php?topic=1319681.msg13647887#msg13647887

[Come-from-Beyond]

UNprofitable PoW

This reminded me to tell that Iota shouldn't be mentioned together with UNprofitable PoW in the same phrase. The PoW is not subsidized (like 25 BTC in Bitcoin or fees) but it can still be profitable, Iota allows that. This nuance may confuse those who decide to dig deeper into Iota after reading what you wrote about it.

[TPTB_need_war]

UNprofitable PoW

This reminded me to tell that Iota shouldn't be mentioned together with UNprofitable PoW in the same phrase. The PoW is not subsidized (like 25 BTC in Bitcoin or fees) but it can still be profitable, Iota allows that. This nuance may confuse those who decide to dig deeper into Iota after reading what you wrote about it.

Do you mean the computation of the PoW can be outsourced from the payer and the payer could pay a fee?

In that sense our designs are equivalent then. The assumption is that such outsourcing will be driven to very low profit margins near to costs. Also the payer is still in control of whom they outsource to, so control is still decentralized.

[Come-from-Beyond]

Do you mean the computation of the PoW can be outsourced from the payer and the payer could pay a fee?

In that sense our designs are equivalent then. The assumption is that such outsourcing will be driven to very low profit margins near to costs. Also the payer is still in control of whom they outsource to, so control is still decentralized.

Yes, the transaction issuer can add an extra output that pays some amount to some address. If the owner of that address wants to get the money he has to attach PoW to the whole transaction. Effectively it's like fee, but it's not mandatory. Note that anyone could attach the PoW but only payment beneficiary will win from that, does it mean that "the payer is still in control of whom they outsource to"? Maybe.

I wouldn't say that the designs are equivalent because miners (or fees) were removed to make a homogeneous system. And subsidy was removed because a DAG-based coin with subsidy can't come to a consensus and find Nash equilibrium at the same time. The outcome may be the same, but the intentions were different.

[monsterer]

And subsidy was removed because a DAG-based coin with subsidy can't come to a consensus and find Nash equilibrium at the same time.

I'd like to hear why you say this, or can you direct me to a proof?

[Come-from-Beyond]

And subsidy was removed because a DAG-based coin with subsidy can't come to a consensus and find Nash equilibrium at the same time.

I'd like to hear why you say this, or can you direct me to a proof?

We didn't find a solution that would allow to add subsidy into a DAG-coin without lowering its security. This can't be treated as a proof, but I hope you'll give me a discount because asymmetry of proofs is very large, i.e. it's hard to prove that unicorns don't exist but is trivial to prove the opposite if you happen to find one.

PS: Miners would compete against each other if subsidy was allowed, moving consensus convergence point beyond the horizon.

EDIT: On the first sight, this looks as an excuse for explaining why Iota went sale route instead of generating the tokens a-la Bitcoin. If you have thought so, spend 5 seconds to look at the design again.

[monsterer]

We didn't find a solution that would allow to add subsidy into a DAG-coin without lowering its security. This can't be treated as a proof, but I hope you'll give me a discount because asymmetry of proofs is very large, i.e. it's hard to prove that unicorns don't exist but is trivial to prove the opposite if you happen to find one.

PS: Miners would compete against each other if subsidy was allowed, moving consensus convergence point beyond the horizon.

EDIT: On the first sight, this looks as an excuse for explaining why Iota went sale route instead of generating the tokens a-la Bitcoin. If you have thought so, spend 5 seconds to look at the design again.

No, I don't see this as an excuse - in fact, I am writing a white paper at the moment which has parallels to Tangle, but it has a mining subsidy and I want to be sure that I've covered all the angles, so the fact you chose to disallow it is important to me.