Bitcoin Forum
November 05, 2024, 11:07:37 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 ... 62 »
  Print  
Author Topic: MC2: A cryptocurrency based on a hybrid PoW/PoS system  (Read 195184 times)
mr_random
Legendary
*
Offline Offline

Activity: 1344
Merit: 1001



View Profile
April 07, 2013, 05:29:53 PM
 #41

Haha I first thought the MC2 stood for mc^2 as in e=mc^2, Einstein's energy equation. So it would be 'Energy' coin  Wink

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
qxzn
Hero Member
*****
Offline Offline

Activity: 609
Merit: 506



View Profile
April 07, 2013, 07:09:11 PM
 #42

1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.

I'm pretty new to PoS designs, but wouldn't this kinda defeat any long-term energy efficiency purposes of using PoS? Why bother with PoS at all then?
tacotime (OP)
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
April 07, 2013, 07:13:22 PM
 #43

1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.

I'm pretty new to PoS designs, but wouldn't this kinda defeat any long-term energy efficiency purposes of using PoS? Why bother with PoS at all then?

No -- it still affords enhanced security for no real net gain in electricity used.  You get some extra resistance to 51% attacks and extra confirmations through this system.

Aside from that, I'd really like to have an alt. chain where you are rewarded for saving coins in a fashion that is disconnected from the market.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
qxzn
Hero Member
*****
Offline Offline

Activity: 609
Merit: 506



View Profile
April 07, 2013, 07:33:50 PM
 #44

1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.

I'm pretty new to PoS designs, but wouldn't this kinda defeat any long-term energy efficiency purposes of using PoS? Why bother with PoS at all then?

No -- it still affords enhanced security for no real net gain in electricity used.  You get some extra resistance to 51% attacks and extra confirmations through this system.

So the PoW blocks aren't competitively mined? Does the miner get nothing from a PoW block?

Sorry if these are answers already written.. I should probably read your initial stuff more closely..

Quote
Aside from that, I'd really like to have an alt. chain where you are rewarded for saving coins in a fashion that is disconnected from the market.

I also kinda like this idea, but it also poses the difficulty of deciding what level interest should be.
tacotime (OP)
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
April 07, 2013, 07:53:34 PM
 #45

So the PoW blocks aren't competitively mined? Does the miner get nothing from a PoW block?

Sorry if these are answers already written.. I should probably read your initial stuff more closely..

They are competitively mined as in BTC/LTC/PPC.  PoS blocks are not competitively mined, you can simply grab them once you have enough coins of a certain age (which is why you need to put heavy restrictions on the timing of PoS blocks; otherwise a double spend is really, really easy).

Quote
I also kinda like this idea, but it also poses the difficulty of deciding what level interest should be.

The reward for MC2 is 12.5 coins per clock (vs. 25 coins per block initially for PoW), and it decreases 8% per coin year the same as for the PoW blocks.  I think it's ideal for PoW to have a doubly higher reward, as PoW takes more computational effort.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
Praxis
Legendary
*
Offline Offline

Activity: 1118
Merit: 1004



View Profile
April 07, 2013, 07:57:47 PM
 #46

Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

It's a working title, I'm open to suggestions.

Megacoin (MGC)
Perfectcoin (PTN) (PTC)
Metacoin (MTC)
TheCoin (TCN)

+1 for Metacoin
twelph
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
April 07, 2013, 08:01:09 PM
 #47

+1 for Metacoin
That's my favorite also.

Quote
Meta - Indicates a concept which is an abstraction from another concept, used to complete or add to the latter.
This coin is meta all over the place.

Trustworthy Buyers: TTBit
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 510



View Profile
April 07, 2013, 08:04:02 PM
 #48

Will be one to watch. Would it be Scrypt-based, or an offshoot of scrypt?

Heavily scrypt based (scrypt with four different secure hash algorithms and two different stream cipher algorithms for fault tolerance and ASIC resistance in arranged in the blockchain in a randomized order)

This sounds quite good. I'm going to keep a close eye on this coin as it looks very interesting. I especially like the democratic element.
RauBan
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
April 07, 2013, 08:26:18 PM
 #49

I'd be willing to invest my spare hours of programming into this. I'm mostly into android backend and c++ programming.
BeeCee1
Member
**
Offline Offline

Activity: 115
Merit: 10


View Profile
April 07, 2013, 08:32:08 PM
 #50

I like the idea, but have a couple of comments

whitepaper: "BLAKE512, SKEIN512, SHA3-512 (KECCAK512), and SHA2-512 are incorporated with both Salsa20 and Chacha20 stream ciphers."

I like how this makes fpga's and asics harder, but it also means that if there is a flaw in any one of these hashes or stream ciphers then the coin fails.  Is there any other way to achieve this goal?



whitepaper:  "Transactions will largely stay the same as in BTC; coin age will be calculated from the the timestamp of the block in which it appears."

Why calculate from the timestamp and not the block height?  timestamps can be incorrect, the block height can't be. They both give estimates since the block height to time calculation is based on the target block time that isn't always met, but it is good to base as much as possible on truths inherent to the blockchain.
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 510



View Profile
April 07, 2013, 08:33:18 PM
 #51

Link to the draft version of the whitepaper: Download

Notable things about this chain:
- Uses a new approach to secure hashing algorithms for the hash tree of a given block that should increase FPGA/ASIC resistance
- After 27 coin years it employs a democratic system of voting to manipulate the interest rate of the block chain (users act as the central bank and regulate the rate of inflation)
- Difficulty is based on the linear weighted average of the block times for the past 18 days for PoW blocks
- New block reward adjustment algorithm is given that yields an 8% decrease in block reward per year
- Simple PoS design (tried to strip it of as many complexities as possible)
- PoW and PoS systems are designed to happily coexist, with favour slightly given to the PoW system
- PoS system also intended to prevent 51% attacks

Feel free to peer-review/tear it apart.  I will be the first to say that I'm pretty terrible at math, so please correct any mistakes I've made.  I'd love to hear why you think it's a great/terrible idea, though.  Obviously I anticipate there are a lot of problems with it that I couldn't foresee, so please help me out!

Figure 2 also doesn't want to display with the Y-axis title correct, not sure why that is/too tired to fix this (been working on this/thinking about it for almost 11 hours now).


The value n is
again used to determine the cycle size of the polymorphic hash chain, where
each of the 8 possibilities of a sequential memory-hard hash function are
incorporated into the hash chain once and only once; as before, in MC2 n =
8. These are also ordered in a pseudorandom fashion every cycle.


Are there details on the pseudo-random mechanism and why it is done this way? Is it secure to do it pseudo-random rather than truly random?

Sorry but I'd like more information because whenever I see pseudo-random I usually perceive it as a negative red-flag.


the order will be determined by the integer ordering of the Pearson hashes
of the the Merkle root of blocks {(current block 259,200) ... (current block 259,192) – – }
such that


Huh? Okay why was this decision chosen unless it's the only way?

Anyway I'm digesting your paper and I think a lot of it is brilliant so you've won me over as a long term supporter. I think these sorts of currencies need more democratic processes built in because this way they can adapt better to social conditions. The one problem I see with cryptocurrencies is that they all assume that not a lot will change from now to 100 years from now. It's almost certain that Bitcoin cannot last 100 years by design. The birth of AGI or superintelligence will change everything and that hasn't really been factored into this enough.

Theoretical question, if AI or a robot does some work should that AI or robot have to be paid in some sort of cryptocurrency as well? That would potentially be an advance because it would make balance the value of human labor and robot or AI labor for instance if even robot or AI labor is accounted for. It would also provide a mechanism to potentially fund building robots and AI if the creators would be able to tax the profits of their robots.

This would mean there would be no free labor, not even if bots. This is philosophical but I figured I'd add it to the discussion because if cryptocurrency becomes more energy efficient and AI reaches artificial general intelligence and eventually super intelligence then there will be less a need for human labor at all. Why not consider that when designing cryptocurrency?
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 510



View Profile
April 07, 2013, 08:39:05 PM
 #52

Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

How about Omegacoin?
Better than Memcoin.
tacotime (OP)
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
April 07, 2013, 08:40:40 PM
 #53

I like the idea, but have a couple of comments

whitepaper: "BLAKE512, SKEIN512, SHA3-512 (KECCAK512), and SHA2-512 are incorporated with both Salsa20 and Chacha20 stream ciphers."

I like how this makes fpga's and asics harder, but it also means that if there is a flaw in any one of these hashes or stream ciphers then the coin fails.  Is there any other way to achieve this goal?
The worst thing that can happen with a secure hash algorithm is that any given input's output hash can be predicted more easily than actually hashing it.  In the event this happens, we only lose 1/4 of the security of the chain (1/4 of the blocks can be solved more quickly than the others) because we are still using all the other secure hash algorithms, whereas with bitcoin if SHA2 fails the entire chain will trainwreck.  If there is a collision attack or something of this nature for one of the hash algorithms, we can just replace it in an update -- the effect on the currency overall is minimal.

Quote
whitepaper:  "Transactions will largely stay the same as in BTC; coin age will be calculated from the the timestamp of the block in which it appears."

Why calculate from the timestamp and not the block height?  timestamps can be incorrect, the block height can't be. They both give estimates since the block height to time calculation is based on the target block time that isn't always met, but it is good to base as much as possible on truths inherent to the blockchain.


This is a (good) possibility too -- we can use PoW block height as a consistent metric for network time.  I will think about this some more and may use it.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
tacotime (OP)
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
April 07, 2013, 08:49:43 PM
 #54


The value n is
again used to determine the cycle size of the polymorphic hash chain, where
each of the 8 possibilities of a sequential memory-hard hash function are
incorporated into the hash chain once and only once; as before, in MC2 n =
8. These are also ordered in a pseudorandom fashion every cycle.


Are there details on the pseudo-random mechanism and why it is done this way? Is it secure to do it pseudo-random rather than truly random?

Sorry but I'd like more information because whenever I see pseudo-random I usually perceive it as a negative red-flag.

The quantities of N for each 8 block cycle are pseudorandom because they are based on the hard hashes of the merkle roots of the last 8 blocks.  I say pseudorandom because something is determining them.  The reason this can't likely be gamed is because the hard hashes from which these are based on take a long time and a lot of memory to compute (N = 262144; I think they take about 500 msec each to compute on a CPU).  In order to game them, you would have to both select for the blocks you put into the hash chain (very hard, because PoW is competitive) and also calculate millions of these extremely hard hashes.

Quote

the order will be determined by the integer ordering of the Pearson hashes
of the the Merkle root of blocks {(current block 259,200) ... (current block 259,192) – – }
such that


Huh? Okay why was this decision chosen unless it's the only way?
Pearson hashes are non-secure, but they are exactly 8-bits.  The gap for all subranges in N' (Nmax - Nmin) is 256, and 2^(8 bits) = 256.  Because we calculate the pearson hash from the hard hash we've already generated, it shouldn't pose a security issue (as before, the hard hashes are really, really hard to game).

Edit: Sorry, realized this was about the block ordering, not N-ordering and value generation.  I figured that it would be unlikely that people game values in the chain for the ordering of the SHAs years in advance, because that's a massive expenditure of energy (throwing away millions of blocks) in order to do so.  There are other ways to do so, but this was easy and there shouldn't be any major security qualms about it I would think (but if you can think of some, I am all ears).  I should note in the next update of the paper that these will be based on the PoW blocks only, not PoS blocks (which can easily be gamed).

Quote
Anyway I'm digesting your paper and I think a lot of it is brilliant so you've won me over as a long term supporter. I think these sorts of currencies need more democratic processes built in because this way they can adapt better to social conditions. The one problem I see with cryptocurrencies is that they all assume that not a lot will change from now to 100 years from now. It's almost certain that Bitcoin cannot last 100 years by design. The birth of AGI or superintelligence will change everything and that hasn't really been factored into this enough.

Theoretical question, if AI or a robot does some work should that AI or robot have to be paid in some sort of cryptocurrency as well? That would potentially be an advance because it would make balance the value of human labor and robot or AI labor for instance if even robot or AI labor is accounted for. It would also provide a mechanism to potentially fund building robots and AI if the creators would be able to tax the profits of their robots.

This would mean there would be no free labor, not even if bots. This is philosophical but I figured I'd add it to the discussion because if cryptocurrency becomes more energy efficient and AI reaches artificial general intelligence and eventually super intelligence then there will be less a need for human labor at all. Why not consider that when designing cryptocurrency?

The miraculous thing about Bitcoin is that the protocol can change over time; the clients just need to download new versions they agree upon.  Right now the BTC protocol is good enough, but in 10 years? 20 years? 30 years?  The democratic system is in place as an eventuality -- you might be surprised as to what doesn't change in 30 years, too.  But if AI is designing things, well, I think it'll probably look quite a lot different than this.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 510



View Profile
April 07, 2013, 09:00:00 PM
 #55

Anyway I'm digesting your paper and I think a lot of it is brilliant so you've won me over as a long term supporter. I think these sorts of currencies need more democratic processes built in because this way they can adapt better to social conditions. The one problem I see with cryptocurrencies is that they all assume that not a lot will change from now to 100 years from now. It's almost certain that Bitcoin cannot last 100 years by design. The birth of AGI or superintelligence will change everything and that hasn't really been factored into this enough.

Theoretical question, if AI or a robot does some work should that AI or robot have to be paid in some sort of cryptocurrency as well? That would potentially be an advance because it would make balance the value of human labor and robot or AI labor for instance if even robot or AI labor is accounted for. It would also provide a mechanism to potentially fund building robots and AI if the creators would be able to tax the profits of their robots.

This would mean there would be no free labor, not even if bots. This is philosophical but I figured I'd add it to the discussion because if cryptocurrency becomes more energy efficient and AI reaches artificial general intelligence and eventually super intelligence then there will be less a need for human labor at all. Why not consider that when designing cryptocurrency?
Quote
The miraculous thing about Bitcoin is that the protocol can change over time; the clients just need to download new versions they agree upon.  Right now the BTC protocol is good enough, but in 10 years? 20 years? 30 years?  The democratic system is in place as an eventuality -- you might be surprised as to what doesn't change in 30 years, too.  But if AI is designing things, well, I think it'll probably look quite a lot different than this.

But what if the insecurity or disaster comes from the governments in charge? Let's say Bitcoin is wonderful and takes off but governments like how it's set up and wont let us make changes? It has to be easy enough to make changes and thus it has to be very modular.

I think the moment we get AGI everything changes and all rules of economics will be screwed. There will be no reason to hire human beings to do labor so how would human beings earn Bitcoin or any other cryptocurrency?

At some point human beings will have to earn by taxing their machines somehow. Today in 2013 AI isn't able to design things, but in 2031 this may be different and AI may be able to design everything. When that happens it will impact cryptocurrencies as well and if we can plan for that possibility in the design early on then perhaps we can mitigate any potential existential threat which could come.

It sounds baseless, but many people are concerned that all their jobs will be replaced by machines, robots and AI. A more energy efficient currency might only speed that up and what good is a cryptocurrency in that environment?

Overall though I value your currency. I just hope when it's being programmed it has a very modular design so that it can continuously and easily be updated even if the politics make it hostile to do so.
chriswen
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


View Profile
April 07, 2013, 10:02:03 PM
 #56

Okay, I have another question.

The hash type used for the block is calculated and added for the block header.  The hash type that is supposed to be used is used is shown through the block header.  Because we know what hash type is used it is easier to verify the legitimacy of the block.  But, how do we verify that the correct hash is chosen?  We would need to calculate that.  But, then that would defeat the whole point.  In the whitepaper it says the hash type is given so that you don't need to calculate it.  Who would be calculating and verifying the hash type?

tacotime (OP)
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
April 07, 2013, 10:13:49 PM
 #57

Okay, I have some more questions.

The hash type used for the block is calculated and added for the block header.  The hash type that is supposed to be used is used is shown through the block header.  Because we know what hash type is used it is easier to verify the legitimacy of the block.  But, how do we verify that the correct hash is chosen?  We would need to calculate that.  But, then that would defeat the whole point.  In the whitepaper it says the hash type is given so that you don't need to calculate it.  Who would be calculating and verifying the hash type?

The hash type used is determined from a pseudorandomly generated table for the first 200k or so blocks and then is simply derived from the Pearson hash of the 1st, 2nd, ... , nth block after reaching this predefined block height.

In the case of both this and N, they are (eventually) both chosen from the blockchain itself, but through previous blocks, never current blocks.

Note: N values are calculated from the last 8 blocks in a block cycle, but also not current blocks.  The N value is calculated from a much harder scrypt hash of the merkle root.  I think the merkle root is able to be gamed though (by manipulating coinbase transaction) so in the next draft this should change to to the block hash rather than the merkle root.  We might also need to do another scrypt hash instead of the Pearson hash for secure hash algorithm order and then use that to determine the order of SHAs -- this could afford more security and is easy to implement.

We verify that the correct hash is chosen the same way we do in bitcoin: We require that the hash has a number of leading zeroes (difficulty).  Because the type of hash in also in the block header, you could never use one of the other hashes too (the network clients would reject it even if it satisfied the correct number of leading zeroes).

Edit: If we use the block hash though, we need to contend with the fact that we have essentially a truncated input because of leading zeroes.  This might be make it a little less secure (though I doubt it).  In this case, we can just use the last 256-bits (which will likely never be 0's) of the block header hash for use in the hard hash to calculate N.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
chriswen
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500


View Profile
April 07, 2013, 10:25:31 PM
 #58

Just to confirm, the PoS inital block reward is 12.5 would be for block 1.  But since there are no block one stake blocks.  The first PoS block is at...

Okay now I run into another problem.  90 days is 32400 blocks (360 blocks per day).  But, no PoS blocks are generated for the first 90 'days'.  That means that the first PoS blocks won't be generated till 180 days later.  And PoW blocks will have a reward adjustment every 18 earth days.
tacotime (OP)
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
April 07, 2013, 10:39:00 PM
 #59

Just to confirm, the PoS inital block reward is 12.5 would be for block 1.  But since there are no block one stake blocks.  The first PoS block is at...

Okay now I run into another problem.  90 days is 32400 blocks (360 blocks per day).  But, no PoS blocks are generated for the first 90 'days'.  That means that the first PoS blocks won't be generated till 180 days later.  And PoW blocks will have a reward adjustment every 18 earth days.

This is correct.  The first PoS blocks will be less than 12.5 coins and PoW will have a head start.  During this time PoW also disinflates though, so they will both maintain a 50:50 ratio to one another.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
alxs
Full Member
***
Offline Offline

Activity: 169
Merit: 100


View Profile WWW
April 07, 2013, 11:10:23 PM
 #60

Great conceptualization and really like the democratization aspect especially! 
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 ... 62 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!