Proposal: New PoW mechanism to combat mining centralization

[alkan]

Despite the original idea of everyone being able to mine Bitcoins, mining is nowadays only feasible for commercial mining farms or mining pools that combine the hashing power of many users. The reasons for this problem are threefold:

(1)   The development of ASICs with very high hash rates has made it impracticable to mine with ordinary computers, using only CPU power.
(2)   The fierce competition between miners has resulted in an extreme difficulty of the hashes as required by the system to guarantee a constant rate of block creation.
(3)   Mining is inherently profitable since for every created block the miners receive a direct financial reward, making commercial mining a profitable enterprise.

Let's take a deeper look at each of these aspects.

(1) Even though ASICs are commonly used by large-scale mining enterprises, professional mining equipment can basically be purchased and run by anyone at affordable prices. As ASIC mining, however, cannot be performed as a background task on a computer, it is unappealing to users who want to make use of their idle computer time. Various ASIC-resistant Proof-of-Work (PoW) schemes have been proposed to shift the bottleneck from raw computation power to the size of RAM (memory-hard puzzles) or its access latency (memory-bound puzzles). Cuckoo Cycle is a promising example for a memory-bound PoW that spends the majority of the runtime waiting and could even run on smartphones while they charge overnight, with no fear of overheating. Such schemes could significantly reduce the advantages of large-scale mining. However, there are also arguments against ASIC-resistant PoW puzzles. While ASICs have no other uses but mining the cryptocurrency, an attacker might be able to rent a huge amount of generic computing power temporarily, use it to attack, and then suffer no monetary consequences as they no longer need to rent the capacity after the attack. Also, CPU mining is vulnerable to botnets in contrast to ASICs.

(2) is a direct result of the limited block creation rate. Without enough computing power at hand, the chance of successfully mining a block is negligible due to the high difficulty level for the hashes. Even though one could theoretically get a considerable reward for any mined block, the expected time to find a suitable hash is prohibitively high and too erratic for solo miners. An obvious solution would thus be to increase the rate by reducing the time between blocks so that the competition would be spread across a larger number of blocks. This would lead to lower but more frequent rewards on average. Unfortunately, the latency of the network makes it virtually impossible to set block time below a certain limit since the speed of light doesn't obey to Moore's Law.

(3) seems to be the logical consequence of the fact that users need to have an incentive in order to contribute to the network by mining blocks. At first sight, it seems hardly imaginable that (enough) people would be willing to mine without any reward tied to it. Some have proposed to market mining as a lottery. If a billion people spend a small amount for mining with the tiny chance to win a block that pays them a fortune (albeit with a negative expected value), commercial mining might turn out as loss-making as well. It is doubtful though if such a model could work out in practice.

So, the question is, can we find an incentive that is powerful enough for most ordinary users but cannot be turned into a profitable business?

I think, we can. Here's my proposal:

Mining is profitable because the miner is rewarded for every created block by the assignment of a certain amount of coins (fiat coins, transaction fees). The rewards therefore consist in (a) a direct financial gain that is (b) more or less proportional to the number of mined coins. If we were able to build an incentive scheme for mining that acts in an indirect manner and doesn’t generate profit on its own, we might be able to put an end to commercial mining and decentralize the blockchain.

To that end, we could leverage transaction fees in a completely different way than most existing cryptocurrencies do. Instead of allowing the miner to collect the fees paid by other users as a financial reward, we should shift the focus on the transaction fees that a miner has to pay when making a transaction himself. Let’s assume that each newly created address must pay a fixed percentage of the transferred amount to get his transaction acknowledged by the chain. This constitutes a financial burden that we can lower by a certain rate, every time a valid block is mined by the given address. Hence, after mining a couple of blocks, the address will benefit from very low transaction fees.

With such a scheme, users who want to actively use their address for sending payments have a strong incentive to mine blocks, even though they don’t receive any direct reward by creating the block itself. On the other hand, the system doesn’t offer any business opportunity for commercial miners who are seeking profit out of mining. The only possible thing they might try is creating and selling accounts with low transaction fees to new users. But since accounts can only be transferred by revealing the corresponding private key, such transactions will always be very risky.

Another twist to the system would please to users who mostly stand on the receiving side of the transactions, like merchants. In addition to lowering the fees as a reward for every mined block, we could introduce an increasing fee discount linked to the receiver's address. So, when a sender wants to pay money to a receiver, he will end up paying the standard fee * sender's discount * receiver's discount. Both discounts will grow with every block created by the miner.

The drawback of the described incentive mechanism is the fact that due to the lack of professional miners it would need a lot of active users to reach the current hash rate of Bitcoin. Furthermore, every user would need to have a realistic chance of getting some discounts by mining on a regular PC or smartphone for some time. With the current block time of Bitcoin it's impossible to realise such a system for more than maybe a few 1000 users.

[1715696217]

1715696217

[1715696217]

1715696217

[1715696217]

1715696217

[1715696217]

1715696217

[1715696217]

1715696217

[1715696217]

1715696217

[bathrobehero]

Mining costs money by the second so low rewards will cause fewer miners defending the network.

Merchants try to never hold much coins and so they're also selling them so you'd have difficulty differentiating between merchants and users.

Reducing the time between blocks also means the blockhcain will grow that much faster.


Basically there's nothing you can do to try to exclude mining pools and big miners. They can game any system and appear as regular small miners.

[dinofelis]

I think the OP is, without realizing, re-inventing some kind of PoS mechanism.

One must realize the intend of PoW mining: it is to BURN SEIGNIORAGE.   In any financial system, there must be a way to create a LIMITED amount of money that will be used.  Money is to be used as a store of value and as a means of exchange (both are the same, only the time scale differs: "means of exchange" is store of value on short term between trade A and trade B, "store of value" is storing what one obtained from trade A, to do trade B far in the future).
In order for it to be usable that way, it has to be scarce.
In order to be perceived as "fair", the idea is that nobody should be able to "make some for free" without getting them in return for goods and services as anybody else.  This is the problem with seigniorage: it is fundamentally unfair.

The brilliant idea of PoW is that competition between miners makes that miners (almost) don't make a profit: they burn it because their competition makes the difficulty rise so much that there remains only a small margin.  (if the margin is large, that will attract more miners, and will increase the difficulty and hence the real world cost of mining).

The margin is considered "fair" because it is the market for securing the block chain: if people don't want to go through the hassle of mining for a smaller margin (visibly they don't), that means that the fair price of doing the work is the mining margin.

All coins that do not apply PoW with destruction of almost all value of coin creation through mining competition are fundamentally unfair, in that they assign market value by coins against nothing (no goods and services have been delivered for that money but their owners will obtain goods and services: they get a free ride).

One has to understand that coin creation is an "inflation tax" on all the coin holders.  With PoW, even if the coin has no finite limit of creation and has non-zero inflation all the time, this tax is entirely burned in order to secure the chain, and nobody is reaping in the tax.    All mechanisms that assign this "tax" to a limited fraction of people (the developers, the stake holders....) have some smell of statish aristocracy reaping in taxes for a free ride.

[alkan]

Mining costs money by the second so low rewards will cause fewer miners defending the network.

That only seems true at first sight, in reality it's more complex. Currently, Bitcoin mining is almost entirely done by mining farms and mining pools since solo mining is pointless. If you count mining pools as entities, the mining is practically done by few dozen of organisations. With my approach, these entities would disappear since they couldn't make any profit off of mining because all they can achieve is lowering their own transaction fees.

What you probably mean is the effect on the total hash rate that secures the network. This is a more delicate question. The total hash rate will depend on the total number of users (account owners) of the network since, assuming the initial transaction fees are preset to a high initial value, every user must also be a miner in order to make payments without any significant loss. If we use Cuckoo Cycle for the hash puzzles, an attacker would practically need to outpace the CPU power of the total user base, consisting of individual users. Cuckoo Cycle is nice as it allows to mine as a background task which should motivate users to leave it on most of the time.

Another question is if accounts should retain the low fees forever or if we require their owners to keep mining blocks to preserve their standing. In the latter case, even old users would have to mine blocks every now and then and thus contribute to the security of the blockchain.

Merchants try to never hold much coins and so they're also selling them so you'd have difficulty differentiating between merchants and users.

This is not an issue as we don't need to be able to distinguish between merchants and users. I just thought it would be nice if we could lower the transaction fees on both sides of a transaction. Of course, we would have to grant this double privilege to every account, no matter if it's held by an individual user, a merchant or a trader.

Reducing the time between blocks also means the blockhcain will grow that much faster.

As already mentioned in (2), the current network topology of Bitcoin (and probably of most Altcoins as well) that relies on one single blockchain doesn't allow the block time to be set arbitrarily high. That's why I said that my proposal could only work with a few thousands of active users. This all boils down to the general issue of scalability of cryptocurrencies for which, unfortunately, not trivial solutions exist.

Basically there's nothing you can do to try to exclude mining pools and big miners. They can game any system and appear as regular small miners.

With my proposal, big miners and mining pools would lose their raison d'être since they wouldn't make any profit.

[alkan]

I think the OP is, without realizing, re-inventing some kind of PoS mechanism.

I'm not sure why you think so. My approach offers the same security properties as other PoW schemes (total current hash power to secure the chain, blockchain difficulty for objective consensus etc.). Maybe you mean the fact that with most PoS schemes the "rich will get richer". In fact, this "problem" might also affect my approach but it's more like a philosophical question.

If we set scalability issues aside and assume a very short block time, a naive implementation could look as follows:

1) Initial coin distribution is done by burning BTC (Proof-of-Burn used for bootstrapping).
2) With every created block, the transaction fees multiplied by a certain "fiat factor" are redistributed to every user, according to their relative account balance.
3) Every account starts with 50% transaction fees.
4) For every mined block, the account's fee rate will be halved (25%, 12.5%, 6.25%, ...)
5) If the miner hasn't mined a block himself within a period of N block, his transaction fees will be doubled.

Since 50% is prohibitevly high, each user will first have to "hone" his account by mining blocks before he will use the system to make payments.

The margin is considered "fair" because it is the market for securing the block chain: if people don't want to go through the hassle of mining for a smaller margin (visibly they don't), that means that the fair price of doing the work is the mining margin.

I tend to disagree. The (operation) costs of mining (and its margin) highly depend on your location. Not everybody can afford to set up a mining farm in Iceland or Norway where electricity is very cheap. In order to mine at the lowest possible costs, you have to invest a lot of capital. So, even Bitcoin will make the richer rich.

Another issue of mining is the fact that the creation of new blocks is only secured by the current hash rate. The mining energy used for the existing chain ends up wasted. Please see https://bitcointalk.org/index.php?topic=1570198.msg15972492#msg15972492 for a more in-depth explanation and a possibility solution.

[dinofelis]

Maybe you mean the fact that with most PoS schemes the "rich will get richer". In fact, this "problem" might also affect my approach but it's more like a philosophical question.

Yes.  It is not because of some "socialist" ideology (I have horror of that), but I firmly believe that a fair economy is about exchanging goods and services at a convened exchange ratio, called "price", set by a free market.  I fully agree that with risk taking may come benefit, but there should indeed be risk taking (with a probability of loss of time, goods, services, or other assets).
A free ride is a bad thing economically.  It makes for aristocratic elites, and for the run-away effect of making the free riders getting more and more free rides until they dominate most of the produced wealth.

One of the worst forms of free riding is seigniorage (call it counterfeiting).  What others have to exchange against production, you get it for free.  That is no-go to me.

1) Initial coin distribution is done by burning BTC (Proof-of-Burn used for bootstrapping).

Isn't it better to make a fork of bitcoin directly, then ?  So you get your initial distribution directly from bitcoin's ?

2) With every created block, the transaction fees multiplied by a certain "fiat factor" are redistributed to every user, according to their relative account balance.

That is economically senseless.  If you distribute a tax evenly as you have taken it, there's no point.  Now, creating money applies an inflation tax to every balance owner, proportional to his balance.  If you then re-distribute the new coins proportionally, there's no point in creating them in the first place.

If there is 1000 coins, and I own 10 of them, and now you create 100 more, you have created an inflation of 10%, so the value of all coins is diminished by 10%.  My 10 coins are now worth what 9 of them were worth yesterday.  If you now distribute those 100 coins evenly, I should receive 1 coin.  So now there are 1100 coins, and I have 11 of them. 
Totally useless.  The same value is now just with more coins in exactly the same proportion as it used to be.

Inflation only has a sense if it is "unfair", that is, if it gives more seigniorage to some than to others.  That is why PROPORTIONAL PoS is silly, but usually it is not proportional (not all potential minters do mint).

3) Every account starts with 50% transaction fees.
4) For every mined block, the account's fee rate will be halved (25%, 12.5%, 6.25%, ...)
5) If the miner hasn't mined a block himself within a period of N block, his transaction fees will be doubled.

The idea of a monetary unit is that (apart from inflation), one shouldn't be obliged to care about it being on the chain.  If you OBLIGE people to mine (or after, say 50 N blocks, they have to pay a transaction fee 2^50 times higher, and probably much higher than the amount in the wallet), then it will never get general acceptance.
On top of that, your system discourages using multiple addresses, contrary to all principles of privacy on block chains.

Since 50% is prohibitevly high, each user will first have to "hone" his account by mining blocks before he will use the system to make payments.

And as of course not everybody can mine (there are less blocks than users), you will essentially have a value pump from people to the few active miners that are in the race.

The margin is considered "fair" because it is the market for securing the block chain: if people don't want to go through the hassle of mining for a smaller margin (visibly they don't), that means that the fair price of doing the work is the mining margin.

I tend to disagree. The (operation) costs of mining (and its margin) highly depend on your location. Not everybody can afford to set up a mining farm in Iceland or Norway where electricity is very cheap. In order to mine at the lowest possible costs, you have to invest a lot of capital. So, even Bitcoin will make the richer rich.

That's not my point.  I didn't say that everybody can be a miner.  In the same way as it is probably not feasible to be a profitable wine maker in the Sahara or in Siberia, there are economic propensities which make "being a miner" more interesting in certain situations than in others.  But the point is that there are SUFFICIENT miners in those situations that they compete each other to oblivion, and only keep a sufficient margin for the product delivered, which is 'securing the block chain'. 

Another issue of mining is the fact that the creation of new blocks is only secured by the current hash rate. The mining energy used for the existing chain ends up wasted.

And that is NECESSARY.  It must be wasted, to destroy the advantage of seigniorage. 

[alkan]

I fully agree that with risk taking may come benefit, but there should indeed be risk taking (with a probability of loss of time, goods, services, or other assets). A free ride is a bad thing economically.

I'm not sure whom you are referring to, the developers of a currency or its early investors or somebody else. If you buy into a PoS-based altcoin, you probably take a much higher financial risk than by investing your money in professional mining equipment for BTC. As most altcoins have failed or are going to fail, it's nothing but fair that you get a higher reward in return if the money survives against all odds.

Isn't it better to make a fork of bitcoin directly, then ?  So you get your initial distribution directly from bitcoin's ?

I don't see how forking would be possible. My proposal is completely different from Bitcoin.

That is economically senseless.  If you distribute a tax evenly as you have taken it, there's no point.  
(...)
That is why PROPORTIONAL PoS is silly, but usually it is not proportional (not all potential minters do mint).

First of all, I don't think that proportional PoS is silly. One of the most important properties a currency should have is stability in value.
As a new coin won't attract a huge user base right from the beginning, it can indeed make sense to create fiat money to prevent deflation (i.e. increasing price) that might easily occur if the number of coins is fixed.

In my draft proposal (which is by no means to be considered as a final version), money supply would be increased in step with the transaction fees paid by its users. I assume that existing users would normally have a relatively low influence on the money supply since their fee levels would be close to 0 % (or even 0 if we allow that). On the other hand, new users who cannot wait to "hone" their accounts before making a payment would pay much higher fees, thus leading to the production of more coins. As the inflow of new (or impatient) users is generally a sign of a higher overall interest in the currency, demand for the coin would probably rise as well. Therefore, it makes sense to increase the money supply because it will dampen the price increase that would otherwise result from a higher demand.

As a variant of my proposal, you could foresee that the transaction fees based on low (below average) fee levels are burned, while above-average fees are redistributed along with a fiat surplus. Such a mechanism would act in an anti-cyclic way to absorb price fluctuations.

The idea of a monetary unit is that (apart from inflation), one shouldn't be obliged to care about it being on the chain.  If you OBLIGE people to mine (or after, say 50 N blocks, they have to pay a transaction fee 2^50 times higher, and probably much higher than the amount in the wallet), then it will never get general acceptance.

Of course, the parameters must be selected with care. Your example is excessive. One would rather say that a user has to build one block per week (or month) in order to keep his fee level. Or maybe we should refrain from automatic fee reduction completely, though this would also reduce the incentive to mine once you have reached an acceptable fee level.

On top of that, your system discourages using multiple addresses, contrary to all principles of privacy on block chains.

Agreed, but I don't really consider privacy as an overly important aspect of a crypocurrency that should become a generally-accepted currency. Imagine a currency that is used by 1 billion people, i.e. ordinary people that are neither cypherpunks nor criminals nor investors. How many of them would effectively create multiple accounts to hide their identity?

And as of course not everybody can mine (there are less blocks than users), you will essentially have a value pump from people to the few active miners that are in the race.

As already mentioned, my proposal is based on the assumption that we can have arbitrarly low block times, so there would be enough blocks to mine for anybody. If a cryptocurrency is to replace VISA, it has to offer the ability of processing 1000s of transactions per second. This cannot be done with standard blockchains, so you'd have to use multiple simultaneous blockchains or other techniques of sharding anyway. This is a general problem that isn't solved by my proposal, though.

But the point is that there are SUFFICIENT miners in those situations that they compete each other to oblivion, and only keep a sufficient margin for the product delivered, which is 'securing the block chain'.  

No, I still disagree. Miners must have a sufficient INCENTIVE to mine and to secure the blockchain. MARGIN is not the same as INCENTIVE, it's just one variant of it.

And that is NECESSARY.  It must be wasted, to destroy the advantage of seigniorage.  

Okay, the question is not really if the energy is "wasted" but how effectively the energy is used to secure the blockchain. In the linked post I tried to explain why I think that the efficiency of Bitcoin mining isn't optimal with regard to protecting the network from short-range attacks. A second aspect is that with the current centralization of mining, it's probably much easier to launch a bribe attack than in case of decentralized mining since the attacker wouldn't even be able to contact most solo miners.

[deadpoolx]

Although I do not agree with all aspects, this is an interesting analysis.

[alkan]

Although I do not agree with all aspects, this is an interesting analysis.

Thanks. I'm curious to know the aspect you don't agree with.

[dinofelis]

Isn't it better to make a fork of bitcoin directly, then ?  So you get your initial distribution directly from bitcoin's ?

I don't see how forking would be possible. My proposal is completely different from Bitcoin.

You can write *totally different* code on a *totally different* white paper, but allow for "once-valid" transactions from the bitcoin block chain to the new chain, and take as genesis block of the new chain, a certain recent block on the bitcoin chain.

That comes down to making a totally new coin, with totally different protocol, but which is technically speaking a hard fork from bitcoin, with an initial distribution equal to the bitcoin distribution at the block where the fork was decided to be attached (the genesis block of the new chain, equal to a given block on the bitcoin block chain).

Every UTXO of the bitcoin chain before that block can be used (once) with a valid bitcoin signature (using the bitcoin secret key), but as this is a special transaction on the new chain, it would be of a special type that cannot be used afterwards.

Doing so would:

1) enable you to just implement any different protocol you like
2) have an initial distribution equal to the bitcoin distribution at a given point in time.
3) have all bitcoin owners automatically have "free money" on your chain and give it a head start
4) not need any special ICO or whatever
5) cannot be used as a scam to make money for the devs or their buddies of the first hour (like DASH)
6) is technically a hard fork from bitcoin, but with totally different code

From point 5), one can deduce that nobody will do it I suppose :-)

First of all, I don't think that proportional PoS is silly. One of the most important properties a currency should have is stability in value.
As a new coin won't attract a huge user base right from the beginning, it can indeed make sense to create fiat money to prevent deflation (i.e. increasing price) that might easily occur if the number of coins is fixed.

Why would one increase the number of coins then ?

Suppose that initially, 3 people hold the 40 coins, One 20, another 15 and another one 5.

If these people are going to exchange their coins to increase the user base, their holdings are going to diminish in coins, but the increased user base is going to increase the value of each coin.

Now, under PoS, only these 3 people are going to obtain new coins (only they can mint).  What's the gain in having them first obtain 4, 3 and 1 extra coin, so that they now have 24, 18 and 6 coins each, and THEN exchange their coins, diminished by inflation, but with a larger stash, to a larger user base ?

Under PoS, there is no increase in user base by mining.  The original stash holders are the ones getting the new coins, which diminish the value of their coins, but get more coins.

As long as there are enough "digits after the comma" (that is, each coin can be split in say, 10^8 Satoshi-like fractional parts), there's no reason to "mint", which diminishes the value of an individual coin, and increases the stash of each holder with exactly the same amount.

On top of that, your system discourages using multiple addresses, contrary to all principles of privacy on block chains.

Agreed, but I don't really consider privacy as an overly important aspect of a crypocurrency that should become a generally-accepted currency. Imagine a currency that is used by 1 billion people, i.e. ordinary people that are neither cypherpunks nor criminals nor investors. How many of them would effectively create multiple accounts to hide their identity?

I think that is the big failure of any non-anonymous currency (most of them in fact).  With non-anonymity comes non-fungible coins.  You can decide not to accept coins that come from transactions in certain countries, you can decide not to have coins that have been held by the competition (if that competition is smaller), law makers can impose different taxes as a function of where coins come from (for instance, they could make tax transferrable: if you accept coins from someone who hasn't paid their taxes, YOU should now pay them in their place).

Non-anonymous coins are not fungible.
 

As already mentioned, my proposal is based on the assumption that we can have arbitrarly low block times, so there would be enough blocks to mine for anybody.

I didn't realize that, but that's crazy.  Imagine you get a block interval that is 1/10 of the average network  propagation time...  You make a big mess of forked blocks all the time.  

If a cryptocurrency is to replace VISA, it has to offer the ability of processing 1000s of transactions per second. This cannot be done with standard blockchains, so you'd have to use multiple simultaneous blockchains or other techniques of sharding anyway. This is a general problem that isn't solved by my proposal, though.

Technically, it can, but on huge chains.  Probably off-chain systems like Lightning are ways to do so.  

Okay, the question is not really if the energy is "wasted" but how effectively the energy is used to secure the blockchain. In the linked post I tried to explain why I think that the efficiency of Bitcoin mining isn't optimal with regard to protecting the network from short-range attacks. A second aspect is that with the current centralization of mining, it's probably much easier to launch a bribe attack than in case of decentralized mining since the attacker wouldn't even be able to contact most solo miners.

It is the waste (of resources) that secures the chain, because you oblige an attacker to waste at least as much on his own.  If it is efficient, the attack becomes just as efficient.  So the waste is essential.

One should burn enough resources irreversibly to secure the chain, because it is this burden that makes it not profitable for an attacker.  From the moment that the waste is useful, an attack becomes more profitable too (the usefulness is also useful to an attacker).

Even bitcoin's burning of electricity is not perfect.  Indeed, consider industries with high electric heating power.  If they can harness the waste heat from mining equipment, they become perfect attackers.  They would spend the electricity in any case, and now they can use that "for free" to attack the bitcoin block chain.  So even "heat" is problematic if it is useful.

[alkan]

Thanks for the explanation of hard forking.

Technically, it makes sense. However, I doubt that it would be more fair than Proof-of-Burn because the new coin would just inherite the existing unfairness of Bitcoin's coin distribution. If you're most worried about the devs or early adopters, just think of Satoshi who owns like 10% of the whole BTC supply thanks to the fact that he could mine a million BTC himself without any competition at the beginning. Now, imagine what would happen if the new coin turned out as a huge success and became the new VISA. Satoshi would then be the world's richest man I guess.

You see that offering "free money" to BTC holders is actually a free ride (in your terminology) since the owners don't have to take any risk. With PoB on the other hand, they would have to burn their coins in order to get the new currency, which consitutes a risk and is thus more fair.

Now, under PoS, only these 3 people are going to obtain new coins (only they can mint).  What's the gain in having them first obtain 4, 3 and 1 extra coin, so that they now have 24, 18 and 6 coins each, and THEN exchange their coins, diminished by inflation, but with a larger stash, to a larger user base ?

Under PoS, there is no increase in user base by mining.  The original stash holders are the ones getting the new coins, which diminish the value of their coins, but get more coins.

As long as there are enough "digits after the comma" (that is, each coin can be split in say, 10^8 Satoshi-like fractional parts), there's no reason to "mint", which diminishes the value of an individual coin, and increases the stash of each holder with exactly the same amount.

The aim is to prevent the coins from getting more and more expensive in case of an increasing interest in the currency. Let's assume that the owners of the coins place sell orders worth of 1 % of the total currency supply each day (If the random walk hypothesis holds, the sell rate should be independent from the token's price). Now, if the number of coins is fixed, the price would steadily rise as long as there's an increasing demand for the currency, which is a bad thing. That's why inflating the currency supply can indeed make sense in some cases.

I think that is the big failure of any non-anonymous currency (most of them in fact).  With non-anonymity comes non-fungible coins.  You can decide not to accept coins that come from transactions in certain countries, you can decide not to have coins that have been held by the competition (if that competition is smaller), law makers can impose different taxes as a function of where coins come from (for instance, they could make tax transferrable: if you accept coins from someone who hasn't paid their taxes, YOU should now pay them in their place).

Non-anonymous coins are not fungible.

But wire transfers and credit cards are nertheless accepted by most people even though they are not anonymous and can easily be restriced by states (i.e. in case of an embargo).

I didn't realize that, but that's crazy.  Imagine you get a block interval that is 1/10 of the average network  propagation time...  You make a big mess of forked blocks all the time.  

My proposal is a theoretical concept and not intended to become the next currency "as is".

One should burn enough resources irreversibly to secure the chain, because it is this burden that makes it not profitable for an attacker.  From the moment that the waste is useful, an attack becomes more profitable too (the usefulness is also useful to an attacker).

Even bitcoin's burning of electricity is not perfect.  Indeed, consider industries with high electric heating power.  If they can harness the waste heat from mining equipment, they become perfect attackers.  They would spend the electricity in any case, and now they can use that "for free" to attack the bitcoin block chain.  So even "heat" is problematic if it is useful.

That's certainly true but esentially boils down to the same scenario as making wine in the Sahara. Some miners can make better use of the heat than others.

I'm not sure if you have read my other post. My point was that the creation of new bitcoin blocks is only secured by the current hash rate of the network, being oblivious of all the energy that has been used in the past. Critics say that this might be insufficient (https://blog.ethereum.org/2016/07/27/inflation-transaction-fees-cryptocurrency-monetary-policy). In any case, it's not an optimal usage of the energy since it seems to be possible to make use of the cumulative hash power as well.

[dinofelis]

Thanks for the explanation of hard forking.

Technically, it makes sense. However, I doubt that it would be more fair than Proof-of-Burn because the new coin would just inherite the existing unfairness of Bitcoin's coin distribution. If you're most worried about the devs or early adopters, just think of Satoshi who owns like 10% of the whole BTC supply thanks to the fact that he could mine a million BTC himself without any competition at the beginning. Now, imagine what would happen if the new coin turned out as a huge success and became the new VISA. Satoshi would then be the world's richest man I guess.

You could, in your hard fork, exclude bitcoin UTXO before a certain block number too, so making Satoshi a poor man...

There's a difference between "burning bitcoin" because then you LOSE your actual bitcoins, and FORKING, where you give free money to bitcoin owners (in fact, you don't give free money, you pick in part of the bitcoin market cap!).

You see that offering "free money" to BTC holders is actually a free ride (in your terminology) since the owners don't have to take any risk. With PoB on the other hand, they would have to burn their coins in order to get the new currency, which consitutes a risk and is thus more fair.

No serious person would BURN bitcoin to get a new coin in a 1:1 ratio.  And if you put in any other ratio, then you have burned superiority (and an arbitrary value ratio) in the code.  Best is to FORK, and let the market split the market cap of your fork and the original bitcoin market cap.

The biggest difficulty in starting a new monetary system is the seigniorage and initial distribution (which is in fact the same).   Ideally, you would like to give a uniform distribution over the world population. But that's not possible because there is no "original identity token" which you could use as private key.  So the next best thing to do is to take an existing distribution that HAS private keys already.   If you take bitcoin, or bitcoin minus the first year or so, you get something that gets close.

The aim is to prevent the coins from getting more and more expensive in case of an increasing interest in the currency.

That's unavoidable if a monetary system grows, unless you allow for coin creation, but then you have to BURN the seigniorage with PoW.

The reason why you don't want monetary units to become more valuable is because you consider that the "early adopters" get unfair value for nothing.  But when you kill their value with inflation, you create seigniorage which you have to destroy.  Now, it is almost impossible to devise an automatic system where PoW will create coins and destroy value exactly that amount of value which is the growth of the market cap.  Best would be a kind of constant emission, OR starting with a fairly broad distribution and let the market do.

I think that is the big failure of any non-anonymous currency (most of them in fact).  With non-anonymity comes non-fungible coins.  You can decide not to accept coins that come from transactions in certain countries, you can decide not to have coins that have been held by the competition (if that competition is smaller), law makers can impose different taxes as a function of where coins come from (for instance, they could make tax transferrable: if you accept coins from someone who hasn't paid their taxes, YOU should now pay them in their place).

Non-anonymous coins are not fungible.

But wire transfers and credit cards are nertheless accepted by most people even though they are not anonymous and can easily be restriced by states (i.e. in case of an embargo).

These money units are not anonymous, but they are FUNGIBLE.  Nobody refuses your credit card payment because you got money from a competitor for instance.   If you send 200 dollars to a web site with VISA, they know that that money comes from YOU, but they don't know WHERE YOU GOT EXACTLY THOSE 200 DOLLAR FROM. 

Imagine people getting paid in bitcoin.  Imagine you don't want employees of Apple to buy your products.  If you find out that their bitcoins were once Apple's, you can refuse those bitcoins.  However, an employee of Apple can pay you with VISA and you don't know that he got his money from Apple.

That's the problem with traceable coins.  They are coloured.

That's certainly true but esentially boils down to the same scenario as making wine in the Sahara. Some miners can make better use of the heat than others.

It is not about fairness between miners.  It is about miners not making excessive profits of seigniorage.  As long as they compete with one another, the most profitable miners will compete against one another and increase difficulty sufficiently that there's not much margin left.

[BitcoinNational]

dinofelis is saying some intelligent stuff here!

1.  POW is the ultimate shit coin, there is always more and more of them being created, but without them there is no crypto.   It's a game of hot potato, called currency.

2. Like every human managed industry ... they eventually end up in cartel and finally monopoly.  Check this out ... https://btc.com/
10 pools control BTC, and notice that the mining hardware monopoly is vertically organizing their position.

3.  So the solution is to re-invent the wheel.  bing!  LTC  bing! ETC  bing!  XPM bing! blake
So you see some are hits others misses.

4.  Now I think it is time to create POWs that do something besides just burn electricity and fall pray to specialized hardware (asics).
Like run the internet   Or google stuff ... crawl, indexing.  Or provide API broadcasts.  You know the work required to keep the net up.  Steem is kind of like the idea, but I think it falls more to the POS side (you need to buy in in order to have the right to mint more coins).

5.  POS is a-okay ... but a different kettle of fish ... the markets will tend to be much less risky ... and thus lack volume.  Same with 'assets' they are exactly like stocks.

6.  These ICO daos are lunatical ... the winners will be the ones that can organize a public utility ... that means null profit margin and hence shit roi ... but cool none the less.

[alkan]

No serious person would BURN bitcoin to get a new coin in a 1:1 ratio.  And if you put in any other ratio, then you have burned superiority (and an arbitrary value ratio) in the code.  Best is to FORK, and let the market split the market cap of your fork and the original bitcoin market cap.

The biggest difficulty in starting a new monetary system is the seigniorage and initial distribution (which is in fact the same).   Ideally, you would like to give a uniform distribution over the world population. But that's not possible because there is no "original identity token" which you could use as private key.  So the next best thing to do is to take an existing distribution that HAS private keys already.   If you take bitcoin, or bitcoin minus the first year or so, you get something that gets close.

Your proposal of forking instead of burning bitcoin sounds really interesting because it makes boostrapping of the coin much easier since the bitcoiners would get the new coins for free. Do you know of any altcoins that have opted for this approach?

However, I don't really get why with PoB the exchange ratio would have any impact. It's just an arbitrary ratio. If a bitcoiner is interested in the new currency and ready to burn some of his BTC (or Satoshis) to get hold of it, he would burn the same amount no matter how many coins he would get in exchange. All that matters is the relative stake that he will receive for his money, which is independent from the denomination. I don't understand what you mean by "you have burned superiority".

The reason why you don't want monetary units to become more valuable is because you consider that the "early adopters" get unfair value for nothing.  But when you kill their value with inflation, you create seigniorage which you have to destroy.  Now, it is almost impossible to devise an automatic system where PoW will create coins and destroy value exactly that amount of value which is the growth of the market cap.  Best would be a kind of constant emission, OR starting with a fairly broad distribution and let the market do.

You're right. It's probably very difficult to create such a system. Maybe in Ethereum you could set up a smart contract to regulate the supply of a new coin and tie it to the market cap. To achieve that, you would either have to refer to an external source of information or set up your own decentralized exchange market as part of the contract so would have direct access to price information.

[dinofelis]

No serious person would BURN bitcoin to get a new coin in a 1:1 ratio.  And if you put in any other ratio, then you have burned superiority (and an arbitrary value ratio) in the code.  Best is to FORK, and let the market split the market cap of your fork and the original bitcoin market cap.

The biggest difficulty in starting a new monetary system is the seigniorage and initial distribution (which is in fact the same).   Ideally, you would like to give a uniform distribution over the world population. But that's not possible because there is no "original identity token" which you could use as private key.  So the next best thing to do is to take an existing distribution that HAS private keys already.   If you take bitcoin, or bitcoin minus the first year or so, you get something that gets close.

Your proposal of forking instead of burning bitcoin sounds really interesting because it makes boostrapping of the coin much easier since the bitcoiners would get the new coins for free. Do you know of any altcoins that have opted for this approach?

No, and I think it is because with such a system, there's no way for the devs to reap in an unfair amount (see my point 5) earlier on).

However, I don't really get why with PoB the exchange ratio would have any impact. It's just an arbitrary ratio. If a bitcoiner is interested in the new currency and ready to burn some of his BTC (or Satoshis) to get hold of it, he would burn the same amount no matter how many coins he would get in exchange. All that matters is the relative stake that he will receive for his money, which is independent from the denomination. I don't understand what you mean by "you have burned superiority".

If you write in the code "10 new coins for burning 1 bitcoin" then the bitcoin market cap will always be 10 times higher than your coin (assuming the same final number of coins).  If you write in the code "10 bitcoins to burn for 1 coin" you go for your own coin's superiority.  Because not all people holding BTC will burn their coins right away: some may wait 10 years to do so.  They will only do so when it is market-wise interesting, that is, when the market ratio is better for them than the baked in ratio.  Suppose that you say that, to get it started, they get 1000 new coins for burning 1 BTC.  So at current prices, this means that your coin should be valued $0.5.  If it isn't, then people will buy them on the exchanges, and not burn BTC.   Suppose now, that 1 year from now, your coin would have reached $3 and that bitcoin is, say, $1000.  Then of course, many people will burn their BTC because they only need to burn $1 in BTC to get $3 in your coin: your coin will hence never be able to get beyond 1/1000 of the BTC price, even if market-wise it would.  Until all BTC is burned in fact and bitcoin doesn't exist any more.

You're right. It's probably very difficult to create such a system. Maybe in Ethereum you could set up a smart contract to regulate the supply of a new coin and tie it to the market cap. To achieve that, you would either have to refer to an external source of information or set up your own decentralized exchange market as part of the contract so would have direct access to price information.

It would be lucrative to be that manipulating external oracle  As oracle, you go short on ETH, you announce a ridiculously high market price for ETH, tons of them get now minted, and that crashes the real market price of ETH  You reap in your benefice.

Joke: with ethereum, it is actually easier: you look for an exploit in the contract.  There surely is one :-)

[alkan]

No, and I think it is because with such a system, there's no way for the devs to reap in an unfair amount (see my point 5) earlier on).

Even if not based on BTC, but isn't NXT doing something similar at the moment with regard to the new Ardor platform? https://nxt.org/announcing-ardor

If you write in the code "10 new coins for burning 1 bitcoin" then the bitcoin market cap will always be 10 times higher than your coin (assuming the same final number of coins).  If you write in the code "10 bitcoins to burn for 1 coin" you go for your own coin's superiority.  Because not all people holding BTC will burn their coins right away: some may wait 10 years to do so.  They will only do so when it is market-wise interesting, that is, when the market ratio is better for them than the baked in ratio.  Suppose that you say that, to get it started, they get 1000 new coins for burning 1 BTC.  So at current prices, this means that your coin should be valued $0.5.  If it isn't, then people will buy them on the exchanges, and not burn BTC.   Suppose now, that 1 year from now, your coin would have reached $3 and that bitcoin is, say, $1000.  Then of course, many people will burn their BTC because they only need to burn $1 in BTC to get $3 in your coin: your coin will hence never be able to get beyond 1/1000 of the BTC price, even if market-wise it would.  Until all BTC is burned in fact and bitcoin doesn't exist any more.

Yes, thanks, I see the problem now. But couldn't you just have a fixed (hardcoded) deadline to burn your coins? Or you could phase PoB out by reducing the ratio with each burned coin so that it eventually becomes totally unattractive.

Joke: with ethereum, it is actually easier: you look for an exploit in the contract.  There surely is one :-)

That's indeed a very serious problem of smart contracts. They have to be 100% proof, or else you are doomed.

[dinofelis]

Yes, thanks, I see the problem now. But couldn't you just have a fixed (hardcoded) deadline to burn your coins? Or you could phase PoB out by reducing the ratio with each burned coin so that it eventually becomes totally unattractive

You can try to "impose the market behaviour", but if you do a hard fork, all this is automatic, without trying to force hands.  With a hard fork, the original market cap is divided over the two in a flexible way and can adapt to people's desires, without any artifice of forcing exchange ratio, time limit or anything.

In fact, this puts an actual end to the sound money doctrine of bitcoin, with a finite offering of monetary unit supply: each fork is a form of (non-fungible) inflation.