Why use blocks at all?

[wolverine.ks]

Is there any reason why 'blocks' were used at all in the implementation of btc?
It seems like processing each transaction separately would have been more fair. Each transactions would pay the amount they want to achieve the desired speed of confirmation, rather than some transactions riding the coat tails of other transactions that did pay a fee.

-wolv

[1715394175]

1715394175

[1715394175]

1715394175

[eb3full]

Right now, we can make blocks occur on average every 10 minutes using difficulty adjustment, which is necessary to adapt the network to changes in computing power (it's the point of a proof-of-work, after all). We cannot apply difficulty adjustment to transactions without limiting the transaction rate.

[beeblebrox]

Is there any reason why 'blocks' were used at all in the implementation of btc?
It seems like processing each transaction separately would have been more fair. Each transactions would pay the amount they want to achieve the desired speed of confirmation, rather than some transactions riding the coat tails of other transactions that did pay a fee.

-wolv

So basically what you're saying is that every block should have just one transaction.  The problem with this is that to process the current number of transactions the time between one-transaction-blocks would be only seconds which doesn't allow for enough time for transaction propagation across the network nor enough time for the mining difficulty to stabilize.  As bitcoin becomes more popular as a working currency the block time would need to adjust downwards to maintain a reasonable transaction clearance rate (eg: it would need to go to sub-milli second to match Visa's transaction rate).

[beeblebrox]

What you could be asking instead is  "Why use mining at all?".

It is quite easy to imagine where miners assemble transactions into blocks and collectively build a shared block chain but the protocol doesn't require proof-of-work.   I've recently been designing various an alt-chains as thought experiments and such a work-less block chain was one of them (along with others such as a protocol where miners do useful proof-of-work).


All that it requires is a way to insure that no one entity/person has no more than a small minority of miners under their control out of the all the of miners that exist (perferrably each person/entity that mines would be exactly one miner-- but the system would tolerate a bit of abuse/fraud if someone makes a few different personalities to mine under).  *If* you're prepared to accept a protocol where the miners lose anonymity and there is a bit of centralised authority then it is easy enough limit the number of mining personalities that an entity may control to a level that is sufficient for the protocol to work.  (Of-course many here on this forum wouldn't want anything to do with a system that has the slightest wiff of centralized authority and non-anonymous mining).


How such a protocol can work:
Firstly, miner's have to register with the system to prove who they are and that they are not already mining-- eg: this could be based on existing (weak) systems such as PKI. Given nobody controls more than a small minority of the total number of miners, a block-chain protocol can be created that is more-or-less as secure as bitcoin.  

Basically the protocol determines which miner mines the next block in a deterministic but effectively random* way so that after the block creation time has passed (say 5 mins**) this miner is required to create a block of transactions and publish it to the network.  Once published, the nodes check that this is the miner that was meant to build the next block and if so adds the block to their copy of the block-chain.  That's about the gist of it!

Now the miner that builds the block could of course build other different blocks and publish them-- thus trying to do a double spend***.  However, for this case the protocol could choose from among all of the miner's candidate blocks that exist at the next block creation time the one with the lowest hash value as the valid block (any block published by the delinquent miner after this time is dropped automatically by the nodes).  So once a few more transaction confirmations have passed the chances are that most of the following blocks were mined by different unrelated miners and the there is only one longest chain-- regardless of the fact that a miner published multiple blocks maliciously.

 Also, as an aside, note that in this system because there is no proof-of-work race involved-- every miner that is registered for mining the current block can be rewarded with an equal share of the transaction-fees/block reward.


* This might seems like a contradiction of terms-- "how can you have a determinnistic but effectively random decision as to the next miner?" you may ask.  What you can do is have the miners indicate their intention to participate in mining for say the next 100 blocks by transmitting a special message to the network nodes-- this message includes an address which is where the transaction fees received are to be paid.  Then after each block is created a hash is taken of the current state of the system (blockchain and current miners) and a hash of receiving address of each miner that is currently participating.  The miner with the closest hash to the system based hash is the one that mines the next block.  Of course of it needs a fail-safe in case this miner fails to publish-- so really the miners are ranked according to closest matching hashes-- if after some time-out the miner doesn't publish a block then the next in line is given the task, if they fail then the next,etc.

** Note: in this system the block creation rate would be very regular unlike bitcoin.  The blocks would take 6 mins with very little variance.

*** The protocol could also implement penalties to dissuade miners from publishing multiple candidates-- if at the time of registering they give a bond payment address that contains a sizeable amount.  This address is locked against owner withdrawals by the protocol for the duration of mining participation (100 blocks in this example), any time the nodes detect an attempted double spend by a malicious miner they subtract a penalty amount automatically from this address that goes toward block reward/transaction fees for the next block.  The protocol can also implement penalties for miners that fail to publish block when they're meant to.

[beeblebrox]

What you could be asking instead is  "Why use mining at all?".

.....

How such a protocol can work:
Firstly, miner's have to register with the system to prove who they are and that they are not already mining-- eg: this could be based on existing (weak) systems such as PKI.
 .......

Actually, instead of using PKI, you could use social network sites like Google+ since they try to limit the accounts to real people.  PKI really isn't that good for this sort of thing.

[Deafboy]

Firstly, miner's have to register...

This is where I stopped reading.

[DeathAndTaxes]

If you're prepared to accept a protocol where the miners lose anonymity and there is a bit of centralised authority

Fail.  I already have centralized money.  As much as I dislike the Federal Reserve I trust them about as much as I trust you.

[Littleshop]

Digitally everything needs to be divided into portions and grouped.  Grouping a single item with itself would be a waste of space, increase (vastly) traffic between nodes and more importantly the network would never settle.  Right now it 'settles' every 10 minutes.  You would never be able to get everyone to get transactions in the same order and therefore there would be no single accurate record of transactions.  Blocking is necessary. 

[Etlase2]

It is quite easy to imagine where miners assemble transactions into blocks and collectively build a shared block chain but the protocol doesn't require proof-of-work.

I've already described in detail a system that does not require proof of work at all for network security in my signature. Instead of it being based on a weak PKI infrastructure, those who wish to create blocks put a large chunk of money on the line as collateral that they will not create more than one block or do anything else nefarious or they will lose their deposit. In return, the tx fees are split among those who perform the network security. It is also based around confirming transactions every 10 seconds rather than minutes.

[wolverine.ks]

So in order to stop double spending, the transactions have to be propagated throughout the entire network, which likely spans the entire planet. And there is no (theoretical/practical/already implemented) method to get that information around the planet faster than 10 minutes?

thanks

-wolv

[Littleshop]

It is quite easy to imagine where miners assemble transactions into blocks and collectively build a shared block chain but the protocol doesn't require proof-of-work.

I've already described in detail a system that does not require proof of work at all for network security in my signature. Instead of it being based on a weak PKI infrastructure, those who wish to create blocks put a large chunk of money on the line as collateral that they will not create more than one block or do anything else nefarious or they will lose their deposit. In return, the tx fees are split among those who perform the network security. It is also based around confirming transactions every 10 seconds rather than minutes.

Does not sound secure to me. For a known cost you can cause a failure of trust.  If the deposit is very high then you turn mining into a thing with a high barrier of entry for the already rich only. If the deposit is low then you can cause trust issues for a low price.

[beeblebrox]

So in order to stop double spending, the transactions have to be propagated throughout the entire network, which likely spans the entire planet. And there is no (theoretical/practical/already implemented) method to get that information around the planet faster than 10 minutes?

thanks

-wolv

Yep, that's the problem. 

(You can do it faster than 10 minutes though-- I think some alt-coins do it in 5 mins or less.  However, this is pushing the boundaries-- it would mean that spilts start occuring very regularly because some nodes would constantly be falling out of sync. 
There is also the other problem that if the block time decreased to sub-minute intervals the mining would become very biased to the advantage of some miners with fast internet connections.  A couple of seconds lag-time of slow internet connections would lead to a loss of a few percent of possible hash attempts of the lagged miner compared to one that isn't lagged.)

[DeathAndTaxes]

So in order to stop double spending, the transactions have to be propagated throughout the entire network, which likely spans the entire planet. And there is no (theoretical/practical/already implemented) method to get that information around the planet faster than 10 minutes?

thanks

-wolv

You can do it faster than 10 minutes, LTC uses 2.5 minute blocks for example.  You probably (if super majority of nodes were on high bandwidth low latency links) could get away with sub 1 minute blocks.  10 minutes was simply chose as a compromise.  The smaller the difference between the AVERAGE block interval and AVERAGE propogation delay, the more hashing power that is wasted in orphaned chains.   Remember just because the average time between blocks is 10 (or 2.5 or 1) minutes, it doesn't change the fact that each block will have variable time.  A significant fraction of blocks will be solved in less than a minute.  No node has connection to every other node on the network.  Nodes have to broadcast to peers who independently verify and broadcast to peers.  As blocks get larger maintaining a huge number of connections (to reduce the number of "hops") becomes more expensive in terms of bandwidth.    A cryptocurrency could choose any number as a block interval just remember there is no "free lunch", shorter or longer there are pros and cons to both.

[Etlase2]

Does not sound secure to me. For a known cost you can cause a failure of trust.  If the deposit is very high then you turn mining into a thing with a high barrier of entry for the already rich only. If the deposit is low then you can cause trust issues for a low price.

Then perhaps you should read before making judgment? Just a thought. Mining and tx security are separate. If you do something bad in regards to tx security, you lose your deposit. No trust is required, proof is by digital signature.