So I had this idea for an alt....

[Cryddit]

This is kind of a raw and undeveloped idea, but I'll throw it at the wall anyway and see if anybody can find a good reason why it wouldn't work.

The basic goal would be to keep the network distributed instead of concentrating mining into huge hives of servers who are then the only ones making any new coins.

Suppose there were an alt in which you had to present a proof-of-work -- a small one, but yes, you'd actually have to mine a little bit -- just to make a transaction.  Every transaction would have a 'micro-coinbase' output recording the hash low enough to authorize your spend. 

The priority of transactions would be determined based on two criteria; how good was the proof-of-work, and how much coin age was used up.  It might be something like the sum of the percentile ranking in each category; so if you turn in a zero hash (infinite proof of work), or have more coin age in your tx than anyone else, you get a score of 100 points on a scale of 200.  But if your coin age and proof of work are *both* in the top third with respect to other transactions, then your transaction would have priority of 133 or better.

Blocks would be formed whenever sufficient tx are assembled that total proof-of-work exceeds the minimum difficulty and spent txOuts exceed the minimum coin age.  Whenever there were enough transactions out there to add up to that diff and coin age, somebody - anybody, really - would form a block.

They'd get the tx fees for the block, add the block to the block chain, and publish it.  At this point the value of all the micro-coinbases would be determined according to tx priority.  The bottom quarter in priority would get nothing, the second quartile would split up two shares of the block subsidy, the third would split up three shares, and the highest-priority quartile would split up four shares.

Block chain forks would be resolved in favor of whichever fork had the greatest amount of coin age (proof-of-stake), excluding spends of txOuts created after the fork.  Transactions would have to include the hash of a recent block so they couldn't be replayed into a different fork if the reorg goes back before that block.  This makes txOuts existing before the fork into a finite resource that can't be infinitely duplicated (nothing-at-stake) but also has the effect of invalidating tx if there's a reorg that goes deeper than their base block.

Now, I think this would  work, would reward actual users for reasonable mining efforts accruing to ordinary use, and would pretty strongly resist devolution into a contest to see who has the biggest ASIC farm.

[kiklo]

1st off, not a programmer

However it seems like the requirement of completing a small proof of work before allowing a transaction to be sent ,
could cause large delays in sending transactions once the PoW difficulty increases.

Also not sure if the way you want to implement is even possible,
in Hybrid coins with PoS & PoW , PoS can usually overwrite the PoW side to be sure it is entered in to the blockchain.
Rat4 did a post on it, as a security issue.
The way you describe mixing the PoW with coin age just does not seem very likely.

Addition issue is the PoW side will increase the resources required to run the wallet as it's difficulty increases.

The Nothing at stake issue described by Gmaxwell, is a non-issue for Proof of Stake coins.

Because staking on the online fork makes it impossible , for your Same coins to create enough difficulty on an offline fork concurrently to matter,
As the online fork will always have it's difficulty plus your own if you mine both concurrently.    

PoS & Pow are both protected by this simple fact, Longest Chain with the Highest Difficulty Wins.
Except some PoS Specs also include coin age which further strengthens its security.

The way most PoS coins are protecting the blockchain from a history rewrite (Which I think , that is your goal.)
1. Either have a coin with 1 billion coins or more  (ZEIT , Mint, Noble)
2. Use a Checkpoint Server (Peercoin, HoboNickel)
3. Use Rolling Checkpoints that only allow reorgs up to 500 blocks (Blackcoin)

 

[Cryddit]

I would not expect difficulty to increase very fast; The system simply doesn't provide reward proportional to proof-of-work in the long run.  A miner would not be getting hugely more coins for doing PoW than he'd be getting just for regular tx with minimal PoW, and no matter how much PoW he did it could get orphaned by a chain with less PoW and more coin age if he doesn't process transactions and promptly publish his blocks, so trying to force a reorg with PoW would be futile.  At the same value per block as another coin with a more traditional structure, a miner would always be better off mining the other coin where ALL of the money reward is proportional to Proof-of-work.

Including the hash of a recent block is exactly what Gmaxwell was referring to when he mentioned "staking a block."  It makes the txOuts that existed before the block into a finite resource that can only support one chain or the other, and (sort of) fixes the nothing-at-stake issue. 

It's still pretty sensitive to exactly *when* large, old txOuts get spent though;  Having a checkpoint server sign blocks which thereafter couldn't be rejected in a reorg would be a good idea, settling the canonical-chain issue within seconds if it signs only the first valid block it sees.  But I'd want the system to continue to be robust when the checkpoint server goes offline, so I should think hard about making it really difficult to force a reorg once a block has been accepted, while still allowing it to happen when some nodes do get firmly stuck on the wrong chain, or even after a significant network partition. 

A special nondivisible token on the net that counts for a billion coins in terms of coin age is interesting, but there'd have to be a way to make sure nobody could just keep transferring it back to herself and capture the block chain.  If someone can form every block just by transferring the token from her left pocket to her right every round, she could unilaterally determine who has permission to get tx into the block chain, forever, and that's no good.  You'd also need a way to replace if if it got lost, dislodge it if it got into a txOut that someone just plain doesn't spend ever, and insure that it doesn't get duplicated in a fork. Having one of them bouncing around in each branch of a fork would be a whole lot of no help.