Author Topic: MC2: A cryptocurrency based on a hybrid PoW/PoS system  (Read 195088 times)
minefish
May 01, 2013, 02:43:40 PM
 #261

interNET

NETwork

NETcoin

it fits right in Grin
tacotime (OP)
May 01, 2013, 04:10:37 PM
 #262

Quote
I will be the first to say that I'm pretty terrible at math

How are people going to trust you if you don't know about math. Whoever Satoshi was he was a genius in math and cryptography.

I "know about math" and I got an A (barely) in Calculus I/II and computer algorithm analysis, I'm just not very talented when it comes to numbers.

Sorry guys, this cudaminer update to guiminer-scrypt is proving a nightmare right now..  I'm going to work.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
RoadTrain
May 01, 2013, 04:28:35 PM
 #263

Regarding quantum-resistant cryptography.
NTRU isn't the only option.
It's patented but patent holders said they allow the algo's use for non-commercial purpose.

Also I strongly support the mentioned BOINC-related stuff. Though the implementation has some difficulties, we could try to contact them and find a solution.
termhn
May 01, 2013, 05:01:42 PM
 #264

( if this was already mentioned, apologies in advance )

I think the first coin to establish a system that goes some way to avoiding the need for an exchange will likely be very successful. I don't know how/if this could be coded into client wallets etc, but how about this idea :

I want to send $200 to Mr X, in exchange for a number of noXcoin ( or whatever the name of this imaginary new coin is ), I load my own client wallet with $200 ( let's worry about how I can do that in a while ), this creates a string like a bitcoin address, but prefixed with $, this string is unique and becomes known on the network, using this string, I send the $200 over to Mr X.

Mr X has a number of hours, let's say for now it's 2 hours, ( maybe this time period can be set by the initial sender, the 'guy that goes first' ), to send me my noXcoins, as soon as he does so, the trade is 'locked down' by the network and neither party can reverse the trade. If I do not get my coins inside the 2 hours, the trade gets cancelled, and my $200 get credited back to me by the network.

How do I get these $200 into my wallet? I guess that's the difficult part in this at least, I think something has to be  built into the design that will allow banks to join the network and offer the ability for people to send $,€,£ etc to their wallets, ( for a small fee I guess to give them the incentive ), right, this wouldn't work from day one, and we have to trust market forces to take place and the banks to jump on board with that one in putting their end of the system in place. Maybe there is another better solution to that ?



Saigo - i really think you hit onto a point here - I like the idea of an exchange similar to that but based on the http://nashx.com/About which was inspired by Mutually assured destruction and the Nash equilibrium - a way to get around the larger numbers having to risk larger amounts would be for the efficient network client to - process those transactions in 1 or 2 unit blocks -

- exchanges are a very key part of the acceptability / Fungibility   ie, the more decentralized the better.

the beauty of nash equilibrium and mutually assured destruction is apparent already.
I love it, this would be huge in the growth of the currency IMO.
Nissi
May 01, 2013, 09:28:58 PM
 #265

Some food for thought... (Please explore and critique these ideas, they are intended for brainstorming purposes)

Assumptions:
(a) This is not intended to be a pump-and-dump or another copy-coin
(b) In order to be massively successful, the coin must improve upon multiple features of bitcoin AND litecoin

Two areas for lots of improvement:
- Energy: To my understanding, the computing power we use for mining our coins is all wasted. The only reason for the power requirements is to force scarcity and distribution. We need to find a greater purpose for the computing power, something that makes outsiders want to join the community because it is doing some good in the world. We need to include something like folding@home or analyzing DNA or something to benefit society.
- VALUE: Cryptocurrencies are currently linked very strongly to the USD/EU. Many miners simply mine the currency in order to sell it for USD. If these are ever going to have a chance at surviving, the infrastructure needs improvement. That is happening to a point, but really what we want is not 'x coins buys x dollars' but rather 'x coins buys a soda' as a way of thinking. What if the coins, as they gained value against other currencies, actually multiplied by 10's? So if its initial worth was $0.10 US, 10 coins buys a soda. If the value against the USD goes up to $1.00 per coin, everyone's coins get multiplied by 10 (sort of like splitting a stock). The purpose would be to keep the purchasing power of a single coin approximately constant so that resellers can set prices in terms of our currency and not risk their prices being way off due to massive market swings like bitcoin has experienced.

Some other thoughts:
- SIZE of the blockchain: I don't know if it is possible, but i had seen earlier in this thread a mention of a blockchain that would begin to clip off earlier sections once it reached a maximum size. I don't know the feasibility but it is worth discussing. If these older blocks are needed to manage coins that have been stagnant for some time, maybe it would be possible to prune out the other transactions or migrate the coins automatically to a new set of addresses further in the chain?
- CONFIRMATIONS: What about smaller blocks so we could have more frequent rewards and faster confirmations? It would take more confirmations for the same level of security but wouldn't take any longer if I understand correctly. This could allow stores to assess their own level of needed security to begin processing an order/payment and it would make the process smoother as you don't wait as long for the first couple of confirmations.

Please feel free to tear this apart, but I hope there is also some constructive talk that comes out of these ideas...
JessicaMILFson
May 01, 2013, 09:35:48 PM
Last edit: May 01, 2013, 09:52:23 PM by JessicaMILFson
 #266

Lots of good ideas here. I think that incorporating ZeroCoin and having our coins lower than Bitcoin are key and must be incorporated for success. It's going to take a lot of work, but it will be worth it
thesnoo23
May 01, 2013, 10:09:29 PM
 #267

- Energy: To my understanding, the computing power we use for mining our coins is all wasted. The only reason for the power requirements is to force scarcity and distribution. We need to find a greater purpose for the computing power, something that makes outsiders want to join the community because it is doing some good in the world. We need to include something like folding@home or analyzing DNA or something to benefit society.

the road to establishing a currency AS an actual currency for buying things instead of just another financial commodity is always going to be a long and usually difficult road. Making the currency do social work is a nice thought, but it's not the point. It's a CURRENCY. You take the currency and use it to PAY people to analyze DNA or whatever to benefit society. I'm not opposed to coins that might do something like that, such as devcoin, but it might(not WOULD) prevent it from becoming a general use currency.

- VALUE: Cryptocurrencies are currently linked very strongly to the USD/EU. Many miners simply mine the currency in order to sell it for USD. If these are ever going to have a chance at surviving, the infrastructure needs improvement. That is happening to a point, but really what we want is not 'x coins buys x dollars' but rather 'x coins buys a soda' as a way of thinking. What if the coins, as they gained value against other currencies, actually multiplied by 10's? So if its initial worth was $0.10 US, 10 coins buys a soda. If the value against the USD goes up to $1.00 per coin, everyone's coins get multiplied by 10 (sort of like splitting a stock). The purpose would be to keep the purchasing power of a single coin approximately constant so that resellers can set prices in terms of our currency and not risk their prices being way off due to massive market swings like bitcoin has experienced.

The problem with this is that it will only stabilize the currency in relation to whatever currency you're pegging it against. Various currencies go up and down relative to one another all the time. That's why there's a huge multinational market of speculation in currencies. So, basically, you're sort of making it a sub currency of whatever nation issues the other currency that you're pegging to.
Michael_S
May 01, 2013, 10:44:51 PM
 #268

About that BOINC thing, very great idea!
I was discussing this the other day.

I also have this idea of launching this coin with some sort of GUI that can configure the wallet in a way that can create cold wallets in a jiffy.
With the current cryptocurrencies it is a pain to create 100% safe wallets, and far too difficult for the average Joe PC user.
If we can come up with a solution to create 100% safe wallets for end-users with a much easier process than the current one for litecoin and bitcoin, it can possibly reach a larger audience. The idea that anyone can create a 100% safe wallet (hassle free) that people can trust I think is very important.
Marketing wise this is also a very good unique and strong selling point.

I picture this to be like a simple GUI which follows you through the steps of creating an offline cold storage on a CD drive, USB, chip whatever.
Maybe even create some sort of bootable ISO file with pre-installed software so people can safely create an offline wallet in a safe environment.
All they have to do is download the software, install the software on a USB drive/CD, boot that USB drive, follow the steps of the GUI and voilà, they created a safe wallet.

This is just the start of an idea, please give feedback and comment on this.
That is irrelevant to what specific coin one happens to use such a GUI with, it is basically a useful piece of free open source software that if you would please actually create it instead of just posting the idea would be useful to all cryptocoins. So please do create it but it is just a GUI front end onto any coin, nothing coin-specific about it. In fact you should make it use the daemon version of the coin even maybe so that people can use the exact same executable of this cold-wallet creator for their entire portfolio of coins.

-MarkM-
@ minefish:
You may be interested in this:
  https://bitcointalk.org/index.php?topic=187974.msg1947420#msg1947420
(It is the combination of a very light weight client, a 100% secure offline storage of private keys, and a front-end that guides the beginner along to set it up and to use it correctly - hope this bash script solution will be converted into a likewise easy-to-use GUI built-in to Electrum or Multibit thin clients one day)

[answer in that thread, not this one, I propose]

Luckybit
May 02, 2013, 07:54:44 AM
 #269

Some food for thought... (Please explore and critique these ideas, they are intended for brainstorming purposes)


- VALUE: Cryptocurrencies are currently linked very strongly to the USD/EU. Many miners simply mine the currency in order to sell it for USD. If these are ever going to have a chance at surviving, the infrastructure needs improvement. That is happening to a point, but really what we want is not 'x coins buys x dollars' but rather 'x coins buys a soda' as a way of thinking. What if the coins, as they gained value against other currencies, actually multiplied by 10's? So if its initial worth was $0.10 US, 10 coins buys a soda. If the value against the USD goes up to $1.00 per coin, everyone's coins get multiplied by 10 (sort of like splitting a stock). The purpose would be to keep the purchasing power of a single coin approximately constant so that resellers can set prices in terms of our currency and not risk their prices being way off due to massive market swings like bitcoin has experienced.

You're misunderstanding the psychology of coin collectors. I have collected stuff all my life. My uncle taught me to collect coins, then it was onto baseball and basketball cards, and so on and so forth. The value in whatever you're collecting depends on the condition it's in and how rare it is. How valuable would a limited edition anything be if you decide later on that because the USD moved that now you're going to make it less limited? That is basically what the US banks and federal reserve already do and why would we want to bring that weakness into cryptocurrencies?

I think the total number of coins must be less than Bitcoin to be worth more than Bitcoin. It's not really something you can disprove because the math is the truth. Mincoin is the most valuable coin and I think this coin should copy Mincoin and go with let's say 8 million total coins (Mincoin has 10 million). The only mistake Mincoin made was they had a 3 day IPO launch which most people believe was a bit too quick but beyond that as far as the mathematics behind it go, for a mere fork of Litecoin it has better long term value than Litecoin could ever have. https://bitcointalk.org/index.php?topic=165397.0 The math does not lie.

Now I'm not saying everything about Bitcoin or Mincoin is right but the one thing Bitcoin and Mincoin did get right was to limit the total number of coins. That was one of the best decisions. The volatility isn't going to be an issue once the infrastructure is in place, so you're trying to say Netcoin should try to solve a problem which won't be a problem by the time Netcoin becomes mainstream?

Netcoin's problem will be growing fast enough and being valuable enough. The infrastructure will be in place and so a fast-track IPO in my opinion is the best way to do it not just for Netcoin but for future coins where the launches should be faster and faster because there shouldn't be the assumption that there will be time to launch them like there are now. Either the environment will be much more hostile to cryptocurrencies or much more competitive and either way a quick launch is a competitive advantage. Bitcoin was the first so it could take 5 years because there was no infrastructure. The first websites and search engines could take a longer time but the growth rate has to improve.

I'm saying Netcoin could get away with 11 million coins, this is less than Bitcoin and competitive with Mincoin. It cannot get away with 400 million coins or 100 million coins or 60 million coins. It has to be less than Bitcoin to be competitive with Bitcoin because no one is going to buy into Netcoin if Netcoin isn't worth as much (and never will be) as Bitcoin. It should be a decision where Netcoin will eventually be worth double what Bitcoin is worth and then everyone would buy Netcoins as soon as it's useful and they can spend it.
digitalindustry
May 02, 2013, 09:42:46 AM
 #270

( if this was already mentioned, apologies in advance )

I think the first coin to establish a system that goes some way to avoiding the need for an exchange will likely be very successful. I don't know how/if this could be coded into client wallets etc, but how about this idea :

I want to send $200 to Mr X, in exchange for a number of noXcoin ( or whatever the name of this imaginary new coin is ), I load my own client wallet with $200 ( let's worry about how I can do that in a while ), this creates a string like a bitcoin address, but prefixed with $, this string is unique and becomes known on the network, using this string, I send the $200 over to Mr X.

Mr X has a number of hours, let's say for now it's 2 hours, ( maybe this time period can be set by the initial sender, the 'guy that goes first' ), to send me my noXcoins, as soon as he does so, the trade is 'locked down' by the network and neither party can reverse the trade. If I do not get my coins inside the 2 hours, the trade gets cancelled, and my $200 get credited back to me by the network.

How do I get these $200 into my wallet? I guess that's the difficult part in this at least, I think something has to be  built into the design that will allow banks to join the network and offer the ability for people to send $,€,£ etc to their wallets, ( for a small fee I guess to give them the incentive ), right, this wouldn't work from day one, and we have to trust market forces to take place and the banks to jump on board with that one in putting their end of the system in place. Maybe there is another better solution to that ?



Saigo - i really think you hit onto a point here - I like the idea of an exchange similar to that but based on the http://nashx.com/About which was inspired by Mutually assured destruction and the Nash equilibrium - a way to get around the larger numbers having to risk larger amounts would be for the efficient network client to - process those transactions in 1 or 2 unit blocks -

- exchanges are a very key part of the acceptability / Fungibility   ie, the more decentralized the better.

the beauty of nash equilibrium and mutually assured destruction is apparent already.
I love it, this would be huge in the growth of the currency IMO.

Indeed I agree - I think Taco is pretty busy right now, but we need to bring this up when he seems to have more time (perhaps after the hard ground work regarding the algo is done)

- imagine a Crypto with a built in Exchange in the client, based on MAD and the Nash equilibrium - it's essentially perfect -

the point is I'm in full support of this crazy evolution of multiple and many currencies, but we need to work towards a real winner - I have the name already, if this one is the winner I will bring that up at that time - many will disagree but I'm right on this aspect. Sometimes it's not about what most think, but the best in their field.

I would get a C in Math, but economics has nothing to do with math.

- Twitter @Kolin_Quark
Joerii
May 02, 2013, 01:26:45 PM
 #271

Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

Have not read the whole thread yet but I was going to say I like a lot of the ideas here - keep MC2 as the development name and perhaps try to find something that will appeal to the broader spectrum (as broad as possible) (but pull back before BBQ)

Cheers great work.

-1 for not reading the whole thread and posting things that are already discussed ad nauseam
+1 for your Fallout avatar :-D

Hypercube - get the attention you deserve
thesnoo23
May 02, 2013, 05:57:01 PM
 #272



You're misunderstanding the psychology of coin collectors. I have collected stuff all my life. My uncle taught me to collect coins, then it was onto baseball and basketball cards, and so on and so forth. The value in whatever you're collecting depends on the condition it's in and how rare it is. How valuable would a limited edition anything be if you decide later on that because the USD moved that now you're going to make it less limited? That is basically what the US banks and federal reserve already do and why would we want to bring that weakness into cryptocurrencies?

I think the total number of coins must be less than Bitcoin to be worth more than Bitcoin. It's not really something you can disprove because the math is the truth. Mincoin is the most valuable coin and I think this coin should copy Mincoin and go with let's say 8 million total coins (Mincoin has 10 million). The only mistake Mincoin made was they had a 3 day IPO launch which most people believe was a bit too quick but beyond that as far as the mathematics behind it go, for a mere fork of Litecoin it has better long term value than Litecoin could ever have. https://bitcointalk.org/index.php?topic=165397.0 The math does not lie.

Now I'm not saying everything about Bitcoin or Mincoin is right but the one thing Bitcoin and Mincoin did get right was to limit the total number of coins. That was one of the best decisions. The volatility isn't going to be an issue once the infrastructure is in place, so you're trying to say Netcoin should try to solve a problem which won't be a problem by the time Netcoin becomes mainstream?

Netcoin's problem will be growing fast enough and being valuable enough. The infrastructure will be in place and so a fast-track IPO in my opinion is the best way to do it not just for Netcoin but for future coins where the launches should be faster and faster because there shouldn't be the assumption that there will be time to launch them like there are now. Either the environment will be much more hostile to cryptocurrencies or much more competitive and either way a quick launch is a competitive advantage. Bitcoin was the first so it could take 5 years because there was no infrastructure. The first websites and search engines could take a longer time but the growth rate has to improve.

I'm saying Netcoin could get away with 11 million coins, this is less than Bitcoin and competitive with Mincoin. It cannot get away with 400 million coins or 100 million coins or 60 million coins. It has to be less than Bitcoin to be competitive with Bitcoin because no one is going to buy into Netcoin if Netcoin isn't worth as much (and never will be) as Bitcoin. It should be a decision where Netcoin will eventually be worth double what Bitcoin is worth and then everyone would buy Netcoins as soon as it's useful and they can spend it.

Crypto currency miners/users aren't coin collectors, they're people who want money and/or believe in the rightness/goodness/whateverness of the crypto currency concept. The value of something, while certainly influenced by its scarcity, is not purely a function of said scarcity. Its functionality is important too, what can be done with it, how useful it is for those functions, are there better things to use for it, etc. For instance, there's a GREAT HUGE amount of ounces of gold in the world, MUCH MUCH more than 21 million, but an ounce of gold is still worth more than a bitcoin, even if bitcoins go to ten times their current value. And the reason for this is that gold is very useful as a store of value. It's easily divisible(as are almost all metals), it's reasonably rare, it's difficult(although not, unfortunately, impossible) to counterfeit, and it DOES have certain real world applications, such as jewelry and electronics.

A crypto currency doesn't have a lot of things that gold has, but it DOES have some of the things that are most important for a currency. Namely, scarcity and divisibility. However, being ridiculously scarce isn't always a good thing. Sure, it may hold some value, even great value, as a store of wealth. But one thing that a currency NEEDS in order to be successful is widespread acceptance and use. Gold has been used as money by almost every known civilization that has ever existed and had the capability to mine and refine it. But you know, platinum is worth a lot too, and it's very rare. How come no one has ever used THAT as a currency? Because it's TOO rare. All the platinum that has ever been mined in the history of the world could fit in a single cube measuring 25' to a side. That's not ENOUGH for it to be used as a currency in any but the smallest of nations. Crypto currencies are meant to be worldwide currencies. Sure, you can divide them up into smaller and smaller pieces, but even then, it's not very much when you consider the population of the WORLD. ~7,000,000,000 with 21,000,000 bitcoins. Obviously, not everyone will have a whole bitcoin, or even a tenth of a bitcoin. And that's assuming that no bitcoin has ever been lost, and never will be.

Personally, I think that the 21 million mark is about as low as you can go and expect to get actual acceptance worldwide as an everyday currency, which should be your goal in a project like this. Honestly, I think Litecoin is much closer to a good mark with their 84 mil.


tldr; some mild scarcity can be good for a currency, lots of scarcity usually isn't good for a currency that's more than a place to store value until you convert it to something else.

tacotime (OP)
May 02, 2013, 07:45:18 PM
 #273

tacotime:  Perhaps a simpler way to utilize multiple hashes is to actually have multiple chains which are 'braided' together.  It would work like this, for each time-increment of the network in which we would normally find 1 block, instead one block of each type of hash is found.  This forms a set of blocks that are hashed together with simple md5 to create a seed value which serves as input for ALL the blocks of the next time increment.  Thus the whole 'braid' advances its individual sub-chains in parallel and in perfect synchronization as only one time-increment can be worked on at a time.  It also allows each sub-chain to maintain its own difficulty based solely on the like-hash blocks rather than on an average of them all.

This would address what I see as a potential flaw in your model.  Because of the random mix of hash types and the widely different solving times involved it is very likely that a long string of hard hashes will slow the network speed significantly.  Conversely a few ASIC friendly hashes in a row result in a huge speed burst.  But with each hash having a separate difficulty being continually adjusted to meet the target time you get a more consistent total solving time and at the same time you put a sharp and consistent upper limit on each type of hardware's ability to control the network.   You may even tamp down the wild network-speed increases from new hardware too because total network solving time can now only increase at the growth rate of the slowest rising hash-rate.

Now all that sounds great but the really fun part is that the different sub-chains can do DIFFERENT WORK, and have DIFFERENT PROOF methods.  This allows the necessary flexibility to solve the old "fox, hen and bag of corn must be taken across river" situation we end up with when we start looking at allowing the user base to decide anything democratically.  We know that people have perverse incentives most of the time and will try to make decisions which benefit them at someone else's expense.  But if the voting 'right' is distributed differently we can expect different outcomes, thus as people have said Stake-holders are far less likely to desire inflation than are miners.  Braided chains allow you flexibility in deciding who gets what authority rather than lumping everyone together and requiring each group to validate the whole chain as would be the case with the original one-chain methodology tt describes.

I considered the "braided" model but the problem of network synchronization arises and you'll always be left waiting for the slowest chain.  It can be done, but I think it's a little needlessly complex without affording extra security.

The random mix of hash types will be addressed in the next white paper, I'm working on a new scrypt variant which will incorporate all hash types into a single block.  The only thing left is also modulating the difficulty per block; if I remember right there's almost linear scaling with memory usage above a certain amount of memory, so you can simply scale the difficulty for harder blocks (or, for simplicity, just fix the difficulty).

Using multiple redundant chains also adds a lot of network bandwidth, so it's more ideal not to use them (I will present another stake solution soon).

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
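The braided-chain proposal quoted in post #273, sketched as an added example (not code from the thread or from MC2). The three hashlib functions stand in for the unspecified hash types, SHA-256 replaces the MD5 combiner the post suggests, and all function names, payloads and difficulty values are assumptions.

```python
import hashlib

# Stand-ins for the braid's "hash types"; the thread does not name a set.
HASHES = {"sha256": hashlib.sha256,
          "sha3_256": hashlib.sha3_256,
          "blake2s": hashlib.blake2s}
GENESIS_SEED = bytes(32)


def pow_digest(algo, seed, payload, nonce):
    return HASHES[algo](seed + payload + nonce.to_bytes(8, "big")).digest()


def meets_target(digest, bits):
    """True if the 256-bit digest has at least `bits` leading zero bits."""
    return int.from_bytes(digest, "big") < (1 << (256 - bits))


def mine(algo, seed, payload, bits):
    """Search nonces from 0; `attempts` is a stand-in for solving time."""
    nonce = 0
    while not meets_target(pow_digest(algo, seed, payload, nonce), bits):
        nonce += 1
    return {"algo": algo, "payload": payload, "nonce": nonce,
            "hash": pow_digest(algo, seed, payload, nonce),
            "attempts": nonce + 1}


def combine(row):
    """Seed for the next increment, binding every sub-chain's block together.

    The post suggests MD5; SHA-256 is used here instead (assumption), since
    the seed is only as binding as the combiner is collision resistant.
    """
    return hashlib.sha256(b"".join(b["hash"] for b in row)).digest()


def build_braid(increments, bits):
    """bits maps algo -> that sub-chain's own difficulty (leading zero bits)."""
    braid, seed = [], GENESIS_SEED
    for t in range(increments):
        row = [mine(a, seed, f"{a} txs {t}".encode(), bits[a]) for a in HASHES]
        braid.append(row)
        seed = combine(row)
    return braid


def first_invalid(braid, bits):
    """Index of the first increment that fails verification, else None."""
    seed = GENESIS_SEED
    for t, row in enumerate(braid):
        if [b["algo"] for b in row] != list(HASHES):
            return t
        for b in row:
            d = pow_digest(b["algo"], seed, b["payload"], b["nonce"])
            if d != b["hash"] or not meets_target(d, bits[b["algo"]]):
                return t
        seed = combine(row)
    return None


def rewrite_one_subchain(braid, bits, t, algo):
    """Model a miner strong in one hash only: redo that sub-chain's block at t."""
    seed = GENESIS_SEED if t == 0 else combine(braid[t - 1])
    forged = [list(row) for row in braid]
    i = list(HASHES).index(algo)
    forged[t][i] = mine(algo, seed, b"rewritten txs", bits[algo])
    return forged


def increment_cost(row):
    """The braid advances only when its slowest sub-chain has a block."""
    return max(b["attempts"] for b in row)


if __name__ == "__main__":
    bits = {"sha256": 10, "sha3_256": 8, "blake2s": 6}   # constructed values
    braid = build_braid(4, bits)
    print("honest braid valid:", first_invalid(braid, bits) is None)
    forged = rewrite_one_subchain(braid, bits, 1, "blake2s")
    print("first invalid increment after rewrite:", first_invalid(forged, bits))
    for t, row in enumerate(braid):
        print(t, {b["algo"]: b["attempts"] for b in row}, increment_cost(row))
```

Re-mining a single sub-chain's block leaves that increment valid but changes the seed, so every sub-chain in the following increment fails verification; `increment_cost` shows the objection in the reply, that each increment waits for the slowest chain.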
tacotime (OP)
May 02, 2013, 07:47:15 PM
 #274

Another thing that one may think about for a new coin design is how to be sustainable by avoiding indefinite long-term increase of block chain size:

Fundamentally, as long as a coin uses a pure "block chain" approach, the size can (and will) increase indefinitely as long as the coin exists, and thereby outpace any Moore's law kind of HW growth, which is finally bound by physical limits (size of atoms etc.)... so sooner or later any however big mining node would face problems providing the storage capacity for saving the complete transaction history.

I am wondering whether a concept could be designed to store the current "state" of the currency (state = "which address owns how many coins"), rather than the complete transaction history. The history could still be stored somewhere, optionally, but for sole operation of such a new crypto-currency, the "state" would be sufficient.

Just some rough calculations, using today's BTC as dimensioning basis (21e6*1e8 = 2.1e15 currency base units):

If a mining node wants to store the "state" of the network, how much storage capacity would it need?
--> In the worst case there are 2.1e15 addresses each holding exactly 1 base unit of the currency.
This is about "2100 Tera bits" * (A + B + C), with
A = "nb of bits per address",
B= "number of bits needed to express the balance",
C = "nb of bits needed for some meta data for the protocol and cryptography purposes".

In practice of course, the storage requirement would be a few orders of magnitude lower, so about a Terabyte of storage would probably be enough for all future.

So such a design would require memory well within feasible physical limits, sustainable forever, because a given max. storage limit would never be exceeded.

(Maybe a hybrid "state + incremental blockchain" approach is also possible...)

Light ledger system will be available to the client should they choose to use it.  Storage for light ledger will be dramatically reduced (along with end-user security).  Some nodes will still need the full block chain.

See: https://bitcointalk.org/index.php?topic=169311.0;all

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
tacotime (OP)
May 02, 2013, 07:53:53 PM
 #275

Any solution to the byzantine consensus problem with a hybrid PoW-PoW stake system that further introduces fault-tolerance and enhances network security with no real net increase in computation power should be a better solution, not a worse one (main tradeoff is chain bloat, but I'm sure people find this acceptable).  

I can understand the need for compromise but where in your paper is this tradeoff made explicit and its security/efficiency improvement analyzed? You simply assert that proof of stake is Good, and build from there. The same for the PPC paper, it's all hand-waving spiced with low level implementation details. Don't view it as an attack on you or your objectives, I am a fan of getting rid of wasteful hashing; however this is a very hard computer science problem (Byzantine consensus vs. the Sybil attack) and I expect a hairy analytical paper with all sort of funny symbols and equations, not implementation details.

It seems to me the cryptocurrency community needs more thinkers than doers. Not enough analysis goes into these bitcoin forks, and the results up to now are half baked and flaky.


Quote
Yes, I'm adding more hash algorithms -- but there is no simple way to implement them all together with an ASIC or FPGA without using a massive number of logic units.  You're looking at maybe 35k gates with a scrypt ASIC while this would easily require 100k+ to hit all encryption algorithms.  

So what? A modern FPGA can include over ten million gates (virtex 7). A large 22nm ASIC can contain hundreds of millions of simple gates. Indeed it's a bit more work to get the first device done (a fixed cost), but once you have the mask the marginal cost to multiply it is the same as a simple Bitcoin mask which uses a single type of hash. What you should be targeting for is that each chip cannot be much more efficient than a CPU, and scrypt, a password derivation technique, is NOT a proper primitive for this task, the same for your multi-hash scheme.

Proof of activity scheme will be added in the newer whitepaper, I'll do my best to give some kind of analysis or at least to attempt to predict likely attacks.  It will prevent the double spend problem (as best as I can tell) but may introduce other unique attacks.

I'll be frank and say that I'm not well qualified enough to give appropriate theorems in defence of the PoS/PoA system.  Something like this will require external audit.  Any theorems I could provide after analysis will likely have to assume a number of constants anyway, like network hash rate, stake participation, and so on, and relevance to real world security may be dubious.

If you incorporate enough different SHA systems, you can easily increase the number of required gates more than 10 fold.  The objective is increase in gate size without decreasing CPU or GPU performance.  I will be writing the algorithm for this, and I will provide at least some analysis for performance on CPU/GPU and estimated logic gate usage on FPGA/ASIC.  Obviously, if you increase the number of gates ten-fold you decrease the number of on-die hash processor units 10-fold.

tacotime (OP)
May 02, 2013, 07:57:00 PM
 #276

( if this was already mentioned, apologies in advance )

I think the first coin to establish a system that goes some way to avoiding the need for an exchange will likely be very successful. I don't know how/if this could be coded into client wallets etc, but how about this idea :

I want to send $200 to Mr X, in exchange for a number of noXcoin ( or whatever the name of this imaginary new coin is ), I load my own client wallet with $200 ( let's worry about how I can do that in a while ), this creates a string like a bitcoin address, but prefixed with $, this string is unique and becomes known on the network, using this string, I send the $200 over to Mr X.

Mr X has a number of hours, lets say for now it's 2 hours, ( maybe this time period can be set by the initial sender, the 'guy that goes first' ), to send me my noXcoins, as soon as he does so, the trade is 'locked down' by the network and neither party can reverse the trade. If I do not get my coins inside the 2 hours, the trade gets cancelled, and my $200 get credited back to me by the network.

How do I get these $200 into my wallet? I guess that's the difficult part in this at least, I think something has to be built into the design that will allow banks to join the network and offer the ability for people to send $,€,£ etc to their wallets, ( for a small fee I guess to give them the incentive ), right, this wouldn't work from day one, and we have to trust market forces to take place and the banks to jump on board with that one in putting their end of the system in place. Maybe there is another better solution to that ?

There have been a lot of people asking about the addition of decentralized exchanges, and I'll be the first to admit I don't know enough about them right now.  The first group (arguably) able to achieve this is opencoin, and maybe a Netcoin specific fork can be given at the introduction of Netcoin.  For now, the client will not incorporate any kind of exchange.

tacotime (OP)
May 02, 2013, 08:00:59 PM
 #277

Hi,

I would really like the idea of a new coin that gets rid of the constant arms race between miners, because this makes bitcoin a really expensive system. It is a fundamental problem, because it can make bitcoin a non competitive transaction system. Centralized payment solutions benefit from economy of scale, while cost of running bitcoin network is proportional to bitcoin value and transaction volume.

Too bad your paper states that you rely on exponential increases of hashing speed, which means your system will use as much energy as original bitcoin. Am I right?

I read your paper and it is quite complicated. Do we really need two types of blocks to implement PoS? I'd like to present much simpler mechanism.

Let's copy entire bitcoin algorithm and make one simple change. Instead of using same difficulty target for all miners let's have it dynamically reduced by amount of coin days destroyed in coinbase transaction.

Definitions:

base difficulty - difficulty calculated using bitcoin algorithm for current block
coin stake - amount of coin months destroyed in coinbase transaction

In bitcoin block is valid when its hash matches base difficulty. In my proposed system block is valid when it matches difficulty adjusted by coin stake.

modified difficulty = base_difficulty /  MAX(1, coin_stake)

So for example with base difficulty set as 1000 miner with no stake will have difficulty 1000
Miner with 2 coin months used in coinbase will have difficulty 500.

Of course difficulty adjustment equation can be modified to be less aggressive and/or define maximum difficulty reduction, but you get the idea. Do you see problems with this approach?

There's nothing that fundamentally shows that PPC or whatever chain with some PoW uses less power; it's entirely theoretical.  One may argue that PPC and friends are even worse, because they encourage attacks on pools by making the benefit to the miner instantaneous (per round difficulty adjustments).  PPC basically then turns into a "Keep as many other miners off the network as possible" coin because reward is based on difficulty.

Even if you make stake a considerable factor in your ability to solve blocks, you still end up with a billion PoW miners at the end of the day hopping onto pools with large amount of stake and using lots of energy, so that solution looks rather naive.

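Added example (not part of the thread and not any poster's code): the stake-adjusted difficulty rule proposed in the post above, worked through to show the pooling effect raised in the reply. It assumes a difficulty of D means D expected hashes per block and that the pooled coinbase has the staker's coin age available; the miner names, hash rates, `max_reduction` and `retarget` are hypothetical.

```python
from fractions import Fraction

def modified_difficulty(base_difficulty, coin_stake, max_reduction=None):
    """The post's rule: base_difficulty / MAX(1, coin_stake).
    max_reduction is the optional cap the post mentions (hypothetical parameter)."""
    divisor = max(1, coin_stake)
    if max_reduction is not None:
        divisor = min(divisor, max_reduction)
    return Fraction(base_difficulty) / divisor

def block_rate(hashrate, coin_stake, base_difficulty, max_reduction=None):
    """Expected blocks per unit time (assumes difficulty D = D expected hashes per block)."""
    return Fraction(hashrate) / modified_difficulty(base_difficulty, coin_stake, max_reduction)

def solo_rates(miners, base_difficulty, max_reduction=None):
    """Every miner builds its own coinbase with its own stake."""
    return {name: block_rate(h, s, base_difficulty, max_reduction)
            for name, (h, s) in miners.items()}

def pooled_rate(miners, staker, base_difficulty, max_reduction=None):
    """All hash power works on one coinbase that destroys the staker's coin months."""
    total_hash = sum(h for h, _ in miners.values())
    return block_rate(total_hash, miners[staker][1], base_difficulty, max_reduction)

def retarget(base_difficulty, observed_rate, target_rate):
    """Base difficulty that brings the observed block rate back to the target rate."""
    return base_difficulty * observed_rate / target_rate

# Constructed sample: name -> (hashes per unit time, coin months of stake)
MINERS = {"gpu_a": (100, 0), "gpu_b": (100, 0), "gpu_c": (100, 0), "staker": (1, 50)}
BASE = 1000

if __name__ == "__main__":
    solo_total = sum(solo_rates(MINERS, BASE).values())
    pooled = pooled_rate(MINERS, "staker", BASE)
    new_base = retarget(BASE, pooled, solo_total)
    print("solo block rate:  ", solo_total)
    print("pooled block rate:", pooled, "=", pooled / solo_total, "x solo")
    print("base difficulty after retarget:", new_base)
    # Same 301 hashes per unit time are still being spent; a stakeless solo
    # miner now needs new_base hashes per block instead of BASE.
    print("gpu_a solo rate after retarget:", block_rate(100, 0, new_base))
```

In this sample the pooled arrangement finds blocks 43 times faster than the same miners working solo, so the base difficulty retargets 43-fold while total hashing stays the same.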
tacotime (OP)
May 02, 2013, 08:06:51 PM
 #278

First, I just want to say that I applaud Tacotime's acknowledgement of how a coin should be released especially with all these silly copycat alt coins that provide nothing novel being spammed almost daily now. Litecoin has shown the advantages of alternative hashing algorithms, but I also concur that a more in depth look at optimizing a coin for GPU mining above all else is key. If GPU mining is able to be protected as the best way to mine a coin then this provides the best decentralization as gamers will always be a huge distribution of hashing power whereas ASICs and FPGAs will always be skewed towards a relatively few individuals/groups with significant capital (not that GPU mining farms are impossible just that even a few thousand GPU farms will pale in comparison to the gaming community).

Now, while just optimizing the hashing algorithm provides a useful trait for a new coin, I suggest that we take this opportunity and add a few additional key traits to the new coin to provide utility to the community well beyond any current cryptocurrency. In order of importance I suggest the following additional key features:

Distributed Exchange
Distributed exchange is perhaps the killer feature that everyone is talking about often with unrealistic expectations. Obviously we cannot solve the problem of converting fiat directly into cryptocurrency, but I believe we can provide a decentralized exchange mechanism that only relies on outside trusted parties for a final withdrawal or deposit of fiat. My suggestion has two main features. First, we incorporate the colored coins idea (https://docs.google.com/document/d/1AnkP_cVZTCMLIzw4DvsW6M8Q2JC0lIzrTLuoWu2z1BE/edit?pli=1) to allow any outside party to create and sign particular coins as having some additional meaning (in the fiat use case that would be some amount of USD for instance). Second, we create a new type of transaction that posts an offer to the network to exchange some number of new(whatever our new currency is called)coins for a certain number of colored coins properly signed by an entity or set of entities or vice versa. Once the network sees offers that match, a transaction is recorded in the block chain that atomically transfers ownership to each party. (TODO optimize incentives for miners to match offers well through transaction fees etc.)

I would also like to see a way to exchange with other cryptocurrency directly, but this has many additional hurdles such as requiring all nodes or at least miners to keep other block chains in memory and possible denial of service attacks from people accepting offers and not sending the BTC or LTC agreed upon.
I'd love to have it, but have no idea how to implement it as previously mentioned.  If another party wishes to via a peripheral system such as a plug in, that's fine, but I don't plan on it being in the client at launch.

Quote
Built in P2Pool type mining option
The P2Pool project epitomizes the distributed nature and serves as an important bulwark against a few popular pools from having a huge influence on block chains. I suggest we incorporate this option directly into the client. This also will give users a no hassle option to mine and receive coins out of the box without dealing with pool registration and the risk of them being hacked.
That is probably doable, but I'm not too knowledgeable on P2P.  I would like to have at least a few pools open at launch, that are started from the testnet.

Quote
Built in GPU mining option
I suggest we bundle and integrate a graphical interface such that novice users can easily mine with their GPU with just the normal official client. Combined with the above P2Pool suggestion this should further democratize mining making it as user friendly as possible to novice users.
Depends on the availability of a GPU miner at launch.

Quote
Zerocoin anonymization
http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf
While this may yet be too computationally and space intensive for now, I think we should at least consider the possibility of implementing this state of the art crypto work. It is going to be presented at the top academic conference in computer security this May. Read the paper for details, but the gist is that you can truly anonymize the coins such that no one can match the input and outputs of transactions. The main disadvantage it has for bitcoin is that the protocol would have to be accepted by all the users, but if we incorporate this by default in the client from the start we solve that problem. There is some concern about how heavyweight the crypto is so that will have to be considered.
As you mentioned, implementation of ZeroCoin would be so resource intensive that it'd probably kill the chain.  The tradeoff is anonymity versus pseudonymity, and presently I'm okay with the latter.

Quote
0-confirmation double spend resistance
The normal defense against a double spend is to wait for a number of confirmations such that an attacker will have to have close to or more than 51% of the hashing power of the network. This is a very strong guarantee and works well for transactions of any amount, but comes at the cost of waiting for at least 1 block. For asynchronous transactions such as online purchases where product is eventually shipped after some delay this is almost no cost at all, but in the scenario where a user wants to use bitcoin like cash for an in store purchase and walk out with merchandise, this wait time greatly exceeds that of a 1 second credit card processing wait. This is as far as I know a novel idea that I came up with to partially address wait time. A transaction with zero confirmations can easily be double spent. I propose that if multiple transactions are floating in the network waiting to be confirmed into the next block and there are conflicts among them (double spends) that as long as each transaction by itself would be valid that instead of choosing one the network writes both into the block and destroys the coins involved. While the merchant would still lose the coins so would the attacker removing the incentive to double spend. Now of course for large transactions one would still be ill advised to accept 0 confirmations, this destroys the incentive for a casual theft of small amounts. I think this could be especially useful for payment processors like bitinstant when people use it on their phones to pay for food or beer as if they left immediately after, there is a significant delay before anyone would be aware of the zero confirmation double spend.

I am also available to contribute some time to design/programming. I think this should be a significant undertaking with as many people involved as possible to really create a significant contribution to the cryptocurrency community. Anything halfhearted or just an incremental improvement will not make much difference. I'd rather not have a slew of alternative currencies that slowly build on each other, but rather a significant leap forward with real testing and new features.

Let me know if anything is unclear. I'll try to answer any questions although most of these ideas are preliminary so lots of work in finalizing an actual working implementation is yet to be done. I do believe that all these suggestions are quite practical if we have enough programmers volunteer to create and test them.

Nathaniel
Working on this.  Zero conf spending is probably a bad idea still, but I may be able to get it down to 4 minutes or less (forthcoming; again, there are tradeoffs).

I will add you to the potential dev list.

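Added example (not part of the thread and not any poster's code): the burn-on-conflict rule from the "0-confirmation double spend resistance" proposal quoted above, applied to one block's pending transactions. It assumes "valid by itself" means every input is unspent (signature checks are omitted) and that all inputs of a conflicting transaction are destroyed; the outpoints, amounts and payee names are constructed.

```python
from collections import defaultdict

def settle_mempool(utxos, mempool):
    """Apply the burn-on-conflict rule to one block's worth of pending transactions.

    utxos:   {outpoint: amount} of unspent coins before the block
    mempool: list of {"txid", "inputs": [outpoint, ...], "payee"}
    Returns (confirmed_txids, burned, payouts, remaining_utxos).
    """
    # "Valid by itself": every input is currently unspent.
    valid = [tx for tx in mempool if all(op in utxos for op in tx["inputs"])]

    # Map each outpoint to the transactions that try to spend it.
    spenders = defaultdict(list)
    for tx in valid:
        for op in set(tx["inputs"]):
            spenders[op].append(tx["txid"])
    conflicting = {t for txids in spenders.values() if len(txids) > 1 for t in txids}

    confirmed, burned, payouts = [], {}, defaultdict(int)
    remaining = dict(utxos)
    for tx in valid:
        for op in set(tx["inputs"]):
            amount = remaining.pop(op, None)
            if amount is None:
                continue  # already burned through the other conflicting transaction
            if tx["txid"] in conflicting:
                burned[op] = amount           # nobody receives these coins
            else:
                payouts[tx["payee"]] += amount
        if tx["txid"] not in conflicting:
            confirmed.append(tx["txid"])
    return confirmed, burned, dict(payouts), remaining

# Constructed sample: tx1 and tx2 both spend a:0; tx4 spends a coin that does not exist.
UTXOS = {"a:0": 5, "b:0": 3, "c:0": 7}
MEMPOOL = [
    {"txid": "tx1", "inputs": ["a:0"], "payee": "merchant"},
    {"txid": "tx2", "inputs": ["a:0"], "payee": "spender_self"},
    {"txid": "tx3", "inputs": ["b:0"], "payee": "shop2"},
    {"txid": "tx4", "inputs": ["z:0"], "payee": "nobody"},
]

if __name__ == "__main__":
    print(settle_mempool(UTXOS, MEMPOOL))
```

The result makes the trade-off in the proposal visible: neither the merchant nor the double spender is paid from `a:0`, and the unrelated payment to `shop2` confirms normally.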
tacotime (OP)
May 02, 2013, 08:18:38 PM
 #279

If you're working with Python then list me as someone who may occasionally contribute code. What languages are you working with?
Probably C++, but I'll put you down as a potential dev.

Quote
I have two questions, how many coins will there be? If it's 11 million total for instance then I think this would be ideal. If it's more then it won't ever be as valuable as Bitcoin and so how will you get early adopters to support this?

I asked the same question to SunnyKing about PPcoin. But yes I'm definitely interested in contributing to the project whether with code or in other ways depending on what you decide to do. Right now I'm familiarizing myself with the Bitcoin code but it's fairly straightforward from what I've seen of the Python implementations.
∞ expanding at an extremely low rate 30 years after introduction.  You don't want to have no new introduction of coins later on, as you need some method to redistribute wealth even if only slightly.  Fees are not really the answer (in my opinion) because of how unpredictable they will likely be.

You're absolutely right. This should be on Kickstarter. Why not?

As far as Kickstarter,
I will consider crowd-sourcing this.  I will not use a premine to fund it, though.  The method I would consider to be the most desirable would be to route the fee to a series of addresses (a new one every 3 or 6 coin months or so) and then pay the kickstarter contributors dividends extending directly from the network fees.  This could continue for a few years, then the fees would be given to miners.

Praxis
May 02, 2013, 08:22:11 PM
 #280

Quote
I will not use a premine to fund it, though.  The method I would consider to be the most desirable would be to route the fee to a series of addresses (a new one every 3 or 6 coin months or so) and then pay the kickstarter contributors dividends extending directly from the network fees.  This could continue for a few years, then the fees would be given to miners.

Thank god for no premine, and excellent idea about dividends payout.